Maven package
org.apache.pinot/pinot
pkg:maven/org.apache.pinot/pinot
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-26112 | — | < 0.11.0 | 0.11.0 | Sep 23, 2022 | In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. S | ||
| CVE-2022-23974 | — | < 0.10.0 | 0.10.0 | Apr 5, 2022 | In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot servi |
- CVE-2022-26112Sep 23, 2022affected < 0.11.0fixed 0.11.0
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. S
- CVE-2022-23974Apr 5, 2022affected < 0.10.0fixed 0.10.0
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot servi