11 matches found
CVE-2022-26112
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...
EUVD-2022-6919
Malicious code in bioql PyPI...
Apache Pinot has Groovy Function support enabled by default
Pinot allows you to run any function using Apache Groovy scripts. In versions prior to 0.10.0, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to groovy function support being enabled by default. This issue has been fixed by making function...
GHSA-QJ9P-JVMW-82RH Apache Pinot has Groovy Function support enabled by default
Pinot allows you to run any function using Apache Groovy scripts. In versions prior to 0.10.0, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to groovy function support being enabled by default. This issue has been fixed by making function...
CVE-2022-26112
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...
Information disclosure
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...
CVE-2022-26112 Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...
CVE-2022-26112
CVE-2022-26112 affects Apache Pinot 0.10.0 and earlier, where Groovy function support is enabled by default in the Pinot query endpoint and realtime ingestion layer, causing a vulnerability in unprotected environments. The issue is mitigated by disabling Groovy support by default beginning with P...
CVE-2022-26112 Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...
PT-2022-17682 · Apache · Apache Pinot
Name of the Vulnerable Software and Affected Versions: Apache Pinot versions 0.10.0 and earlier Description: The issue is related to the groovy function support in the Pinot query endpoint and realtime ingestion layer, which poses a risk in unprotected environments. The estimated number of...
Remote Code Execution (RCE)
OrientDB Core is vulnerable to remote code execution RCE attacks. Permissions are not enforced on a user executing a statement to the ORole structure containing a where, fetchplan or order by statement. By executing a groovy function where the groovy wrapper doesn't have a sandbox, any system...