Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/16 11:3 a.m.22 views

CVE-2024-24780

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

9.8CVSS7.6AI score0.01304EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/05/14 12:31 p.m.9 views

org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3), org.apache.iotdb:influxdb-protocol (>=1.0.0 <=1.1.2) +12 more potentially affected by CVE-2024-24780 via org.apache.iotdb:iotdb-server (>=1.0.0 <=1.3.3)

org.apache.iotdb:iotdb-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.3 Source cves: CVE-2024-24780 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-10176115...

9.8CVSS5.8AI score0.01304EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/05/14 12:31 p.m.7 views

anylearn (>=0.20.5 <=0.20.7rc3), pymetard (>=0.0.1 <=0.0.4) potentially affected by CVE-2024-24780 via apache-iotdb (=1.3.2.post0)

apache-iotdb PYPI version =1.3.2.post0 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted: - anylearn =0.20.5, =0.0.1, =0.0.4 Source cves: CVE-2024-24780 Source advisory: OSV:GHSA-F4RQ-F4J9-F6RM...

9.8CVSS5.8AI score0.01304EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/05/14 12:31 p.m.12 views

org.apache.iotdb:client-example (>=1.1.2 <=1.3.4-1), org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3) +17 more potentially affected by CVE-2024-24780 via org.apache.iotdb:node-commons (>=1.0.0 <=1.3.4-1)

org.apache.iotdb:node-commons MAVEN version =1.0.0, =1.1.2, =1.0.0, =1.2.2, =1.2.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.1.2 and more Source cves: CVE-2024-24780 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-10176116...

9.8CVSS5.8AI score0.01304EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/05/14 11:15 a.m.6 views

anylearn (>=0.20.5 <=0.20.7rc3), pymetard (>=0.0.1 <=0.0.4) potentially affected by CVE-2024-24780 via apache-iotdb (=1.3.2.post0)

apache-iotdb PYPI version =1.3.2.post0 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted: - anylearn =0.20.5, =0.0.1, =0.0.4 Source cves: CVE-2024-24780 Source advisory: OSV:PYSEC-2025-59...

9.8CVSS5.8AI score0.01304EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/05/14 10:42 a.m.12 views

CVE-2024-24780 Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

9.7AI score0.01304EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 10:42 a.m.5 views

CVE-2024-24780 Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

9.8CVSS6.1AI score0.01304EPSS
Exploits0References4
CVE
CVE
added 2025/05/14 10:42 a.m.100 views

CVE-2024-24780

CVE-2024-24780 describes a Remote Code Execution flaw in Apache IoTDB via untrusted UDF (user-defined function) registration. An attacker with the privilege to create UDFs can register a malicious function from an untrusted URI, leading to code execution. Affected products/versions: IoTDB 1.0.0 u...

9.8CVSS7.2AI score0.01304EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2025/05/14 12:46 a.m.26 views

CVE-2024-24780

creationtimestamp| type| source ---|---|--- 2025-05-14 00:46:21+00:00| seen| https://seclists.org/oss-sec/2025/q2/140 2025-05-14 10:59:53+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp4tn434y4j2 2025-05-14 11:31:21+00:00| seen|...

9.8CVSS5.3AI score0.01304EPSS
Exploits0References6
Rows per page
Query Builder