mcp-pinot-server@0.1.0

A production-grade MCP server for Apache Pinot

  • latest version

    3.1.0

  • latest non vulnerable version

  • first published

    1 years ago

  • latest version published

    1 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the mcp-pinot-server package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Missing Authentication for Critical Function

    mcp-pinot-server is an A production-grade MCP server for Apache Pinot

    Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the default configuration where authentication is disabled and the HTTP server binds to all network interfaces. An attacker can gain unauthorized access to sensitive data, modify schemas and table configurations, and disrupt service availability by sending crafted HTTP requests to exposed endpoints. This is only exploitable if the server is started with OAuth authentication disabled and the HTTP bind address set to a non-loopback interface.

    How to fix Missing Authentication for Critical Function?

    Upgrade mcp-pinot-server to version 3.1.0 or higher.

    [,3.1.0)