GHSA-qj9p-jvmw-82rh

Source

https://github.com/advisories/GHSA-qj9p-jvmw-82rh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-qj9p-jvmw-82rh/GHSA-qj9p-jvmw-82rh.json

Aliases

CVE-2022-26112

Published

2022-09-25T00:00:26Z

Modified

2023-11-08T04:08:53.250056Z

Details

Pinot allows you to run any function using Apache Groovy scripts. In versions prior to 0.10.0, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to groovy function support being enabled by default. This issue has been fixed by making function support disabled by default, in version 0.11.0. A potential workaround is to disable groovy script support.

References

Affected packages

Maven / org.apache.pinot:pinot

Package

Name: org.apache.pinot:pinot

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.11.0

Affected versions

0.*

0.1.0

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.7.0

0.7.1

0.8.0

0.9.0

0.9.1

0.9.2

0.9.3

0.10.0