Deserialization Of Untrusted Data

org.apache.iotdb:iotdb-confignode is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insufficient validation of externally supplied serialized data, which allows an attacker to craft malicious serialized objects that can be deserialized to execute arbitrary code or...

org.apache.iotdb:integration-test (>=1.3.3 <=2.0.1-beta), org.apache.iotdb:iotdb-distribution (>=1.3.3 <=2.0.1-beta) potentially affected by CVE-2025-48459 via org.apache.iotdb:iotdb-confignode (>=1.3.3 <=2.0.1-beta)

org.apache.iotdb:iotdb-confignode MAVEN version =1.3.3, =1.3.3, =1.3.3, =2.0.1-beta Source cves: CVE-2025-48459 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-13053298...

org.apache.iotdb:integration-test (>=1.3.3 <=2.0.1-beta), org.apache.iotdb:iotdb-distribution (>=1.3.3 <=2.0.1-beta) potentially affected by CVE-2025-48459 via org.apache.iotdb:iotdb-confignode (>=1.3.3 <=2.0.1-beta)

org.apache.iotdb:iotdb-confignode MAVEN version =1.3.3, =1.3.3, =1.3.3, =2.0.1-beta Source cves: CVE-2025-48459 Source advisory: OSV:GHSA-776Q-JW43-FHJX...

org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.2-1), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +8 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.2-1)

org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.2-1 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-bet...