
Commit b48052f

committed
secure version is utilized now
1 parent 86d96ee commit b48052f


2 files changed

+27
-10
lines changed


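--- a/apache/pinot/CVE-2024-56325/Dockerfile
+++ b/apache/pinot/CVE-2024-56325/Dockerfile
@@ -13,18 +13,20 @@ RUN java -version
 
 FROM jdk21-base AS pinot
 
+ARG PINOT_VERSION=1.2.0
+
 RUN apt update && apt install wget -y
-RUN wget https://www.apache.org/dyn/closer.lua/pinot/apache-pinot-1.2.0/apache-pinot-1.2.0-bin.tar.gz?action=download -O apache-pinot-1.2.0-bin.tar.gz
-RUN tar -zxvf apache-pinot-1.2.0-bin.tar.gz
+RUN wget https://www.apache.org/dyn/closer.lua/pinot/apache-pinot-${PINOT_VERSION}/apache-pinot-${PINOT_VERSION}-bin.tar.gz?action=download -O apache-pinot-${PINOT_VERSION}-bin.tar.gz
+RUN tar -zxvf apache-pinot-${PINOT_VERSION}-bin.tar.gz
 
-WORKDIR /apache-pinot-1.2.0-bin
+WORKDIR /apache-pinot-${PINOT_VERSION}-bin
 
 
 COPY controller.conf controller.conf
 COPY broker.conf broker.conf
 COPY server.conf server.conf
 COPY minion.conf minion.conf
-COPY start-pinot.sh /apache-pinot-1.2.0-bin/start-pinot.sh
-RUN chmod +x /apache-pinot-1.2.0-bin/start-pinot.sh
+COPY start-pinot.sh /apache-pinot-${PINOT_VERSION}-bin/start-pinot.sh
+RUN chmod +x /apache-pinot-${PINOT_VERSION}-bin/start-pinot.sh
 
-CMD ["/apache-pinot-1.2.0-bin/start-pinot.sh"]
+CMD ["./start-pinot.sh"]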
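Review bot: The tarball fetched by the parameterised `wget` line is unpacked by the following `tar` step without any integrity check, so the image contents depend on whatever the download redirect serves for the requested `PINOT_VERSION`. Apache publishes SHA-512 digests for its releases, so pinning one per version would close that gap: add `ARG PINOT_SHA512` next to `ARG PINOT_VERSION`, and `RUN echo "${PINOT_SHA512}  apache-pinot-${PINOT_VERSION}-bin.tar.gz" | sha512sum -c -` before the `tar` step. The URL should also be quoted, because the `?` in the unquoted `?action=download` is a shell glob character. Separately, the default remains `1.2.0`, so a plain `docker build .` still yields the vulnerable image; if that is intentional for this lab, a short comment on the `ARG` line should say so.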
Lines changed: 19 additions & 4 deletions
@@ -1,14 +1,29 @@
11
# setup vulnerable version
22
```bash
3-
docker build -t pinot-jdk21-debian:latest .
4-
docker run --rm -p 9000:9000 --name pinot-CVE-2024-56325 pinot-jdk21-debian:latest
3+
docker build --build-arg PINOT_VERSION=1.2.0 -t pinot-jdk21-debian:1.2.0 .
4+
docker run --rm -p 9000:9000 --name pinot-CVE-2024-56325 pinot-jdk21-debian:1.2.0
55
```
6-
# test vulnerable version
6+
## test vulnerable version
77
```bash
88
curl -v http://localhost:9000/tables
99
# 401 Unauthorized
1010
# {"code":401,"error":"HTTP 401 Unauthorized"}
1111
curl -v http://localhost:9000/tables\;.
1212
# 200 OK
1313
# {"tables":[]}
14-
```
14+
```
15+
16+
# setup fixed version
17+
```bash
18+
docker build --build-arg PINOT_VERSION=1.3.0 -t pinot-jdk21-debian:1.3.0 .
19+
docker run --rm -p 9001:9000 --name pinot-CVE-2024-56325-patched pinot-jdk21-debian:1.3.0
20+
```
21+
## test secure version
22+
```bash
23+
curl -v http://localhost:9000/tables
24+
# 401 Unauthorized
25+
# {"code":401,"error":"HTTP 401 Unauthorized"}
26+
curl -v http://localhost:9000/tables\;.
27+
# 401 Unauthorized
28+
# {"code":401,"error":"HTTP 401 Unauthorized"}
29+
```
