Severity: important Affected versions:
- Apache Doris before 1.2.8 Description: The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue. Credit: Andrea Cosentino from Apache Software Foundation (reporter) References: https://doris.apache.org https://www.cve.org/CVERecord?id=CVE-2023-41313 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@doris.apache.org For additional commands, e-mail: dev-h...@doris.apache.org
