[MAVEN:GHSA-QJ9P-JVMW-82RH] Apache Pinot has Groovy Function support enabled by default
- Severity: Critical
- Affected Packages: 1
- Fixed Packages: 1
- CVEs: 1
Pinot allows you to run any function using Apache Groovy scripts. In versions prior to 0.10.0, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments because Groovy function support is enabled by default. This issue has been fixed in version 0.11.0 by disabling function support by default. A potential workaround is to disable Groovy script support.
Package | Affected Version |
---|---|
pkg:maven/org.apache.pinot/pinot | < 0.11.0 |
Package | Fixed Version |
---|---|
pkg:maven/org.apache.pinot/pinot | = 0.11.0 |
- ID: MAVEN:GHSA-QJ9P-JVMW-82RH
- Severity: critical
- URL: https://github.com/advisories/GHSA-qj9p-jvmw-82rh
- Published: 2022-09-25T00:00:26 (2 years ago)
- Modified: 2023-01-28T05:08:35 (19 months ago)
- Rights: Maven Security Team