In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0
[
{
"product": "Apache Pinot",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "0.10.0",
"status": "affected",
"version": "Apache Pinot",
"versionType": "custom"
}
]
}
]