3.1.0
1 years ago
1 months ago
Known vulnerabilities in the mcp-pinot-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
mcp-pinot-server is an A production-grade MCP server for Apache Pinot Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the default configuration where authentication is disabled and the HTTP server binds to all network interfaces. An attacker can gain unauthorized access to sensitive data, modify schemas and table configurations, and disrupt service availability by sending crafted HTTP requests to exposed endpoints. This is only exploitable if the server is started with OAuth authentication disabled and the HTTP bind address set to a non-loopback interface. How to fix Missing Authentication for Critical Function? Upgrade | [,3.1.0) |