Back to search
CVE-2022-26112
Published: Sep 23, 2022
Modified: May 27, 2025
PUBLISHED
Description
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Pinot | affected Apache Pinot - <= 0.10.0 |
References
https://lists.apache.org/thread/4pb0r12s2b68d78llk04yd8rh3qk5t9h
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now