9 matches found
CVE-2024-24780
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...
org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3), org.apache.iotdb:influxdb-protocol (>=1.0.0 <=1.1.2) +12 more potentially affected by CVE-2024-24780 via org.apache.iotdb:iotdb-server (>=1.0.0 <=1.3.3)
org.apache.iotdb:iotdb-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.3 Source cves: CVE-2024-24780 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-10176115...
anylearn (>=0.20.5 <=0.20.7rc3), pymetard (>=0.0.1 <=0.0.4) potentially affected by CVE-2024-24780 via apache-iotdb (=1.3.2.post0)
apache-iotdb PYPI version =1.3.2.post0 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted: - anylearn =0.20.5, =0.0.1, =0.0.4 Source cves: CVE-2024-24780 Source advisory: OSV:GHSA-F4RQ-F4J9-F6RM...
org.apache.iotdb:client-example (>=1.1.2 <=1.3.4-1), org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3) +17 more potentially affected by CVE-2024-24780 via org.apache.iotdb:node-commons (>=1.0.0 <=1.3.4-1)
org.apache.iotdb:node-commons MAVEN version =1.0.0, =1.1.2, =1.0.0, =1.2.2, =1.2.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.1.2 and more Source cves: CVE-2024-24780 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-10176116...
anylearn (>=0.20.5 <=0.20.7rc3), pymetard (>=0.0.1 <=0.0.4) potentially affected by CVE-2024-24780 via apache-iotdb (=1.3.2.post0)
apache-iotdb PYPI version =1.3.2.post0 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted: - anylearn =0.20.5, =0.0.1, =0.0.4 Source cves: CVE-2024-24780 Source advisory: OSV:PYSEC-2025-59...
CVE-2024-24780 Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...
CVE-2024-24780 Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...
CVE-2024-24780
CVE-2024-24780 describes a Remote Code Execution flaw in Apache IoTDB via untrusted UDF (user-defined function) registration. An attacker with the privilege to create UDFs can register a malicious function from an untrusted URI, leading to code execution. Affected products/versions: IoTDB 1.0.0 u...
CVE-2024-24780
creationtimestamp| type| source ---|---|--- 2025-05-14 00:46:21+00:00| seen| https://seclists.org/oss-sec/2025/q2/140 2025-05-14 10:59:53+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp4tn434y4j2 2025-05-14 11:31:21+00:00| seen|...