pinot-controller is vulnerable to privilege escalation. The vulnerability exists because the isDisableIngestionGroovy
function of ControllerConf.java
does not properly disable groovy functionality by default allowing an attacker to modify table-level config or broker/controller config to turn it on globally.