Apache, Alibaba databases vulnerable and only one has a patch Security vulnerabilities in MCP servers for three popular database projects could let attackers execute unintended SQL statements on Apache Doris, exfiltrate sensitive metadata from Alibaba RDS, and potentially take over Apache Pinot instances exposed to the internet. Alibaba, meanwhile, declined to patch its flaw. Apache issued a patch and a CVE tracker for Doris MCP, and theres an open ticket in the MCP Pinot Github repository for...
