{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T19:22:29.883","vulnerabilities":[{"cve":{"id":"CVE-2022-26112","sourceIdentifier":"security@apache.org","published":"2022-09-23T08:15:08.780","lastModified":"2025-05-27T15:15:24.513","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0"},{"lang":"es","value":"En versión 0.10.0 o en versiones anteriores de Apache Pinot, el punto final de consulta de Pinot y la capa de ingestión en tiempo real presentan una vulnerabilidad en entornos no protegidos debido al soporte de una función groovy. Para evitar esto, hemos deshabilitado el soporte de la función groovy por defecto desde la versión 0.11.0 de Pinot. Véase https://docs.pinot.apache.org/basics/releases/0.11.0"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:pinot:*:*:*:*:*:*:*:*","versionEndExcluding":"0.11.0","matchCriteriaId":"02C00685-B434-4A02-AADF-0D15F9E331DA"}]}]}],"references":[{"url":"https://lists.apache.org/thread/4pb0r12s2b68d78llk04yd8rh3qk5t9h","source":"security@apache.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/4pb0r12s2b68d78llk04yd8rh3qk5t9h","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}}]}