CVE-2022-26112

Name of the Vulnerable Software and Affected Versions Apache Pinot versions 0.10.0 and earlier

Description The issue is related to the groovy function support in the Pinot query endpoint and realtime ingestion layer, which poses a risk in unprotected environments. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited. The vulnerability is due to the groovy function support being enabled by default in older versions. API Endpoints: The Pinot query endpoint is affected. Vulnerable Parameters or Variables: No specific variables are mentioned. Function Names: No specific function names are mentioned, but the groovy function support is implicated.

Recommendations For Apache Pinot versions 0.10.0 and earlier, update to version 0.11.0 or later, where the groovy function support is disabled by default. As a temporary workaround, consider disabling the groovy script support until a patch is available.