Lucene search

237 matches found

ATTACKERKB
added 2025/05/14 11:15 a.m. | 5 views

CVE-2024-24780

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

CVSS 9.8 | AI score 5.9 | EPSS 0.01259
Exploits: 0 | References: 2 | Affected Software: 1

vulnersOsv
added 2025/05/14 11:15 a.m. | 1 view

anylearn (>=0.20.5 <=0.20.7rc3), pymetard (>=0.0.1 <=0.0.4) potentially affected by CVE-2024-24780 via apache-iotdb (=1.3.2.post0)

apache-iotdb PYPI version =1.3.2.post0 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted: - anylearn >=0.20.5, <=0.20.7rc3 - pymetard >=0.0.1, <=0.0.4 Source cves: CVE-2024-24780 Source advisory: OSV:PYSEC-2025-59...

CVSS 9.8 | AI score 5.8 | EPSS 0.01259
Exploits: 0

OSV
added 2025/05/14 11:15 a.m. | 5 views

PYSEC-2025-59

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

CVSS 9.8 | AI score 7.8 | EPSS 0.01259
Exploits: 0 | References: 4

PyPA
added 2025/05/14 11:15 a.m. | 7 views

PYSEC-2025-59

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the...

CVSS 9.8 | AI score 7.5 | EPSS 0.01259
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/05/14 11:15 a.m. | 4 views

CVE-2024-24780

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

NVD
added 2025/05/14 11:15 a.m. | 15 views

CVE-2024-24780

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

CVSS 9.8 | EPSS 0.01259
Exploits: 0 | References: 2

Cvelist
added 2025/05/14 10:44 a.m. | 25 views

CVE-2025-26864 Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...

EPSS 0.00684
Exploits: 0 | References: 1

CVE
added 2025/05/14 10:44 a.m. | 52 views

CVE-2025-26864

Apache IoTDB OpenIdAuthorizer is affected by CVE-2025-26864, allowing exposure of sensitive information to an unauthorized actor via log files. Affected versions are 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. The issue’s root cause is an information leakage into logs, enabling disclosure of sensit...

CVSS 7.5 | AI score 6.5 | EPSS 0.00684
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/05/14 10:44 a.m. | 8 views

CVE-2025-26864 Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...

AI score 7.5 | EPSS 0.00684
Exploits: 0 | References: 1

CVE
added 2025/05/14 10:43 a.m. | 48 views

CVE-2025-26795

CVE-2025-26795 affects Apache IoTDB JDBC driver (iotdb-jdbc) versions 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. Root cause: insertion of sensitive information into log files, leading to exposure to unauthorized actors. Impact is High confidentiality (C:H, I/N/A:N). Affected component is iotdb-jdb...

CVSS 7.5 | AI score 6.5 | EPSS 0.00684
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/05/14 10:43 a.m. | 7 views

CVE-2025-26795 Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and...

AI score 7.5 | EPSS 0.00684
Exploits: 0 | References: 1

Cvelist
added 2025/05/14 10:43 a.m. | 41 views

CVE-2025-26795 Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and...

EPSS 0.00684
Exploits: 0 | References: 1

Cvelist
added 2025/05/14 10:42 a.m. | 28 views

CVE-2024-24780 Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

EPSS 0.01259
Exploits: 0 | References: 1

CVE
added 2025/05/14 10:42 a.m. | 92 views

CVE-2024-24780

CVE-2024-24780 describes a Remote Code Execution flaw in Apache IoTDB via untrusted UDF (user-defined function) registration. An attacker with the privilege to create UDFs can register a malicious function from an untrusted URI, leading to code execution. Affected products/versions: IoTDB 1.0.0 u...

CVSS 9.8 | AI score 7.2 | EPSS 0.01259
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/05/14 10:42 a.m. | 12 views

CVE-2024-24780 Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

AI score 9.7 | EPSS 0.01259
Exploits: 0 | References: 1

CNNVD
added 2025/05/14 12:00 a.m. | 4 views

Apache IoTDB log information disclosure vulnerability

Apache IoTDB is an integrated data management engine designed for time-series data from the Apache USA Foundation that provides data collection, storage, and analysis services, among other things. A log information disclosure vulnerability exists in Apache IoTDB versions 0.10.0 through 1.3.3 and...

CVSS 7.5 | AI score 6.1 | EPSS 0.00684
Exploits: 0 | References: 3

CNNVD
added 2025/05/14 12:00 a.m. | 3 views

Apache IoTDB JDBC driver log information disclosure vulnerability

The Apache IoTDB JDBC driver is a standard JDBC driver for the Apache IoTDB database from the Apache USA Foundation that supports Java applications interacting with IoTDB. A log information disclosure vulnerability exists in Apache IoTDB JDBC driver versions 0.10.0 through 1.3.3 and versions prio...

CVSS 7.5 | AI score 5.8 | EPSS 0.00684
Exploits: 0 | References: 3

Positive Technologies
added 2025/05/14 12:00 a.m. | 5 views

PT-2025-21137 · Apache · Apache Iotdb

Name of the Vulnerable Software and Affected Versions: Apache IoTDB versions 0.10.0 through 1.3.3 Apache IoTDB versions 2.0.1-beta through 2.0.2 Description: The issue is related to the exposure of sensitive information to an unauthorized actor and the insertion of sensitive information into log...

CVSS 7.5 | AI score 5.8 | EPSS 0.00684
Exploits: 0 | References: 15

Positive Technologies
added 2025/05/14 12:00 a.m. | 7 views

PT-2025-21136 · Apache · Iotdb-Jdbc

Name of the Vulnerable Software and Affected Versions: iotdb-jdbc versions 0.10.0 through 1.3.3 iotdb-jdbc versions 2.0.1-beta through 2.0.2 Description: The issue is related to the exposure of sensitive information to an unauthorized actor and the insertion of sensitive information into log file...

CVSS 7.5 | AI score 5.8 | EPSS 0.00684
Exploits: 0 | References: 16

RedhatCVE
added 2025/02/14 12:33 p.m. | 21 views

CVE-2023-51656

Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue...

CVSS 9.8 | AI score 6.7 | EPSS 0.01035
Exploits: 0