Vulnerability Details CVE-2022-26112
In Apache Pinot 0.10.0 and older versions, the Pinot query endpoint and the realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support. To avoid this, we disabled Groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.5%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2022-26112
- cpe:2.3:a:apache:pinot:0.1.0
- cpe:2.3:a:apache:pinot:0.10.0
- cpe:2.3:a:apache:pinot:0.2.0
- cpe:2.3:a:apache:pinot:0.3.0
- cpe:2.3:a:apache:pinot:0.4.0
- cpe:2.3:a:apache:pinot:0.5.0
- cpe:2.3:a:apache:pinot:0.6.0
- cpe:2.3:a:apache:pinot:0.7.1
- cpe:2.3:a:apache:pinot:0.8.0
- cpe:2.3:a:apache:pinot:0.9.0
- cpe:2.3:a:apache:pinot:0.9.1
- cpe:2.3:a:apache:pinot:0.9.2
- cpe:2.3:a:apache:pinot:0.9.3