1. Home
  2. Vulnerabilities
  3. CVE-2022-26112

CVE-2022-26112

CVSS v3.1 9.8 (Critical)
98% Progress
EPSS 0.20 % (57th)
0.20% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2022-09-23 08:15:08
(2 years ago)
Updated Date
2022-09-26 17:22:02
(2 years ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Pinot prior 0.11.0 version cpe:2.3:a:apache:pinot < 0.11.0