Critical severityNVD Advisory· Published Sep 23, 2022· Updated May 27, 2025
Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support
CVE-2022-26112
Description
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.pinot:pinotMaven | < 0.11.0 | 0.11.0 |
Affected products
2- Apache Software Foundation/Apache Pinotv5Range: Apache Pinot
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-qj9p-jvmw-82rhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-26112ghsaADVISORY
- docs.pinot.apache.org/basics/releases/0.11.0ghsaWEB
- github.com/apache/pinot/pull/8711ghsaWEB
- lists.apache.org/thread/4pb0r12s2b68d78llk04yd8rh3qk5t9hghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.