CVELIST:CVE-2022-26112 (cvelist, Apache)
Sep 23, 2022 - 8:05 a.m.

CVE-2022-26112 Pinot query endpoint and the realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support

2022-09-23 08:05:13
apache
www.cve.org
cve-2022-26112
pinot
query endpoint
realtime ingestion
vulnerability
unprotected environments
groovy function support
apache pinot
0.10.0
older versions
pinot release 0.11.0
disabled.

AI Score: 9.6 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 55.5%)

In Apache Pinot 0.10.0 and older versions, the Pinot query endpoint and the realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support. To avoid this, we disabled Groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0

CNA Affected

[
  {
    "product": "Apache Pinot",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "0.10.0",
        "status": "affected",
        "version": "Apache Pinot",
        "versionType": "custom"
      }
    ]
  }
]
