exploitDog

CVE-2022-26112

Опубликовано: 23 сент. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0

Ссылки

https://lists.apache.org/thread/4pb0r12s2b68d78llk04yd8rh3qk5t9h
Mailing List
Patch
Third Party Advisory
https://lists.apache.org/thread/4pb0r12s2b68d78llk04yd8rh3qk5t9h
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:pinot:*:*:*:*:*:*:*:*

Версия до 0.11.0 (исключая)

EPSS

Процентиль: 82%

0.01769

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-94

Связанные уязвимости

GHSA-qj9p-jvmw-82rh

CVSS3: 9.8

github

больше 3 лет назад

Apache Pinot has Groovy Function support enabled by default

EPSS

Процентиль: 82%

0.01769

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-94