CVE-2022-26112: Apache Pinot has Groovy Function support enabled by default
(updated )
Pinot allows you to run any function using Apache Groovy scripts. In versions prior to 0.10.0, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to groovy function support being enabled by default. This issue has been fixed by making function support disabled by default, in version 0.11.0. A potential workaround is to disable groovy script support.
References
Code Behaviors & Features
Detect and mitigate CVE-2022-26112 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →