VYPR

Maven package

org.apache.pinot/pinot

pkg:maven/org.apache.pinot/pinot

Vulnerabilities (2)

  • CVE-2022-26112Sep 23, 2022
    affected < 0.11.0fixed 0.11.0

    In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. S

  • CVE-2022-23974Apr 5, 2022
    affected < 0.10.0fixed 0.10.0

    In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot servi