CVE-2022-26112
Published 2022-09-23
Critical, 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In 0.10.0 or older versions of Apache Pinot, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support. In order to avoid this, we disabled the Groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | pinot | < 0.11.0 | 0.11.0 |
| apache_software_foundation | apache_pinot | Apache Pinot – 0.10.0 | — |