7 matches found
CVE-2022-43766
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...
org.apache.iotdb:flink-example (>=0.12.2 <=0.13.2) potentially affected by CVE-2022-43766 via org.apache.iotdb:flink-tsfile-connector (>=0.12.2 <=0.13.2)
org.apache.iotdb:flink-tsfile-connector MAVEN version =0.12.2, =0.12.2, =0.13.2 Source cves: CVE-2022-43766 Source advisory: OSV:GHSA-G6HG-4V3C-6JQ7...
org.apache.iotdb:customize-mqtt-example (>=0.13.0 <=0.13.2), org.apache.iotdb:integration (>=0.13.0 <=0.13.2) +5 more potentially affected by CVE-2022-43766 via org.apache.iotdb:iotdb-server (>=0.12.2 <=0.13.2)
org.apache.iotdb:iotdb-server MAVEN version =0.12.2, =0.13.0, =0.13.0, =0.12.2, =0.12.2, =0.12.6, =0.13.0, =0.12.2, =0.13.2 Source cves: CVE-2022-43766 Source advisory: OSV:GHSA-G6HG-4V3C-6JQ7...
io.edurt.datacap:datacap-jdbc-iotdb (>=1.7.0 <=1.8.0), org.apache.iotdb:client-example (>=0.12.2 <=0.13.2) +37 more potentially affected by CVE-2022-43766 via org.apache.iotdb:tsfile (>=0.12.2 <=0.13.2)
org.apache.iotdb:tsfile MAVEN version =0.12.2, =1.7.0, =0.12.2, =0.13.0, =0.13.1, =0.12.2, =0.12.2, =0.12.2, =0.12.2, =0.12.2, =0.13.0, =0.12.2, =0.12.2, =0.12.2, =0.12.2, =0.13.0, =0.13.2 and more Source cves: CVE-2022-43766 Source advisory: OSV:GHSA-G6HG-4V3C-6JQ7...
CVE-2022-43766 Apache IoTDB prior to 0.13.3 allows DoS
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...
CVE-2022-43766 Apache IoTDB prior to 0.13.3 allows DoS
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...
CVE-2022-43766
CVE-2022-43766 affects Apache IoTDB versions 0.12.2–0.12.6 and 0.13.0–0.13.2. The issue is a Denial of Service caused by accepting untrusted REGEXP query patterns when running with Java 8, as described across multiple sources. The fixed release is 0.13.3 or newer, and using a later Java version a...