By the Year
In 2023 there have been 0 vulnerabilities in Apache Pinot . Last year Pinot had 2 security vulnerabilities published. Right now, Pinot is on track to have less security vulnerabilities in 2023 than it did last year.
It may take a day or so for new Pinot vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Pinot Security Vulnerabilities
In 0.10.0 or older versions of Apache Pinot
9.8 - Critical
- September 23, 2022
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables
7.5 - High
- April 05, 2022
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Pinot or by Apache? Click the Watch button to subscribe.