Apache · Apache Pinot · CVE-2022-26112
**Name of the Vulnerable Software and Affected Versions**
Apache Pinot versions 0.10.0 and earlier
**Description**
The issue stems from Groovy function support in the Pinot query endpoint and the realtime ingestion layer, which poses a risk in unprotected environments. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.
The vulnerability exists because Groovy function support is enabled by default in older versions.
API Endpoints:
The Pinot query endpoint is affected.
Vulnerable Parameters or Variables:
No specific variables are mentioned.
Function Names:
No specific function names are mentioned, but Groovy function support is implicated.
**Recommendations**
For Apache Pinot versions 0.10.0 and earlier, update to version 0.11.0 or later, where Groovy function support is disabled by default.
As a temporary workaround, consider disabling Groovy script support until a patch is available.
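An added example, not part of the advisory or of Apache Pinot's code: an inventory to run before disabling Groovy support or upgrading, listing which ingestion expressions and logged queries depend on Groovy. The table-config field names (`ingestionConfig.transformConfigs`, `filterConfig.filterFunction`) and the `Groovy(...)` call syntax are assumptions based on Pinot's documented table config, and the sample config and queries are constructed.

```python
import re

# Call to Pinot's Groovy function, e.g. Groovy({...}, a, b) or GROOVY('{...}', '...', a).
GROOVY_CALL = re.compile(r"\bgroovy\s*\(", re.IGNORECASE)
# SQL single-quoted string literal ('' is an escaped quote inside it).
SQL_STRING = re.compile(r"'(?:[^']|'')*'")

# Constructed sample input (assumed table-config layout, not taken from the advisory).
SAMPLE_TABLE_CONFIG = {
    "tableName": "users_REALTIME",
    "ingestionConfig": {
        "transformConfigs": [
            {"columnName": "fullName",
             "transformFunction": "Groovy({firstName + ' ' + lastName}, firstName, lastName)"},
            {"columnName": "hoursSinceEpoch", "transformFunction": "toEpochHours(ts)"},
        ],
        "filterConfig": {"filterFunction": "Groovy({age < 18}, age)"},
    },
}
SAMPLE_QUERIES = [
    "SELECT GROOVY('{\"returnType\":\"INT\",\"isSingleValue\":true}', 'arg0 + arg1', a, b) FROM users",
    "SELECT name FROM users WHERE note = 'uses groovy (legacy)'",
]


def groovy_in_table_config(table_config):
    """Return (json_path, expression) for each ingestion expression that calls Groovy."""
    hits = []
    ingestion = table_config.get("ingestionConfig") or {}
    for i, transform in enumerate(ingestion.get("transformConfigs") or []):
        expr = transform.get("transformFunction", "")
        if GROOVY_CALL.search(expr):
            hits.append((f"ingestionConfig.transformConfigs[{i}].transformFunction", expr))
    expr = (ingestion.get("filterConfig") or {}).get("filterFunction", "")
    if GROOVY_CALL.search(expr):
        hits.append(("ingestionConfig.filterConfig.filterFunction", expr))
    return hits


def query_uses_groovy(sql):
    """True if the query calls GROOVY(...) outside of a quoted string literal."""
    return bool(GROOVY_CALL.search(SQL_STRING.sub("''", sql)))


if __name__ == "__main__":
    for path, expr in groovy_in_table_config(SAMPLE_TABLE_CONFIG):
        print(f"{path}: {expr}")
    for q in SAMPLE_QUERIES:
        print(query_uses_groovy(q), q)
```

Expressions it reports are the ones that will stop working once Groovy is disabled, so they need rewriting with built-in functions first.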