3 matches found
org.apache.iotdb:iotdb-distribution (>=0.13.0 <=0.13.3) potentially affected by CVE-2023-24831 via org.apache.iotdb:iotdb-grafana-connector (>=0.13.0 <=0.13.3)
org.apache.iotdb:iotdb-grafana-connector MAVEN version =0.13.0, =0.13.0, =0.13.3 Source cves: CVE-2023-24831 Source advisory: OSV:GHSA-PVJV-386F-C8WH...
org.apache.iotdb:iotdb-distribution (=0.13.0) potentially affected by CVE-2022-38370 via org.apache.iotdb:iotdb-grafana-connector (=0.13.0)
org.apache.iotdb:iotdb-grafana-connector MAVEN version =0.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.iotdb:iotdb-grafana-connector and may be impacted: - org.apache.iotdb:iotdb-distribution =0.13.0 Source cves: CVE-2022-38370 Sourc...
GHSA-C86F-9GRV-PMQF Apache IoTDB grafana-connector contains an interface without authorization
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of a database. Users should upgrade to version 0.13.1, which addresses this issue...