You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@pinot.apache.org by Seunghyun Lee <sn...@apache.org> on 2022/09/23 03:02:10 UTC

CVE-2022-26112: Apache Pinot: Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support

Description:

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and
realtime ingestion layer has a vulnerability in unprotected environments
due to a groovy function support. In order to avoid this, we disabled the
groovy function support by default from Pinot release 0.11.0.

See https://docs.pinot.apache.org/basics/releases/0.11.0

Credit:

Apache Pinot would like to thank Haoruo Chen(chenhaoruo0128@gmail.com) for
reporting the issue


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pinot.apache.org
For additional commands, e-mail: dev-help@pinot.apache.org