QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-48019

Back to search

CVE-2024-48019

Published: Feb 4, 2025

Modified: Feb 7, 2025

PUBLISHED

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.

VendorProductVersions

Apache Software Foundation

Apache Doris

affected
2.1.0 - < 2.1.8
affected
3.0.0 - < 3.0.3

Weaknesses (CWE)

CWE-22
CWE-552

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now