237 matches found
PT-2024-1462 · Apache · Apache Iotdb
Name of the Vulnerable Software and Affected Versions: Apache IoTDB versions 1.0.0 through 1.2.2 Description: The issue is a Remote Code Execution vulnerability in Apache IoTDB, which exists due to insufficient input validation. This allows a remote attacker to execute arbitrary code. Users are...
Apache IoTDB Deserialization Vulnerability
Apache IoTDB is an integrated data management engine designed for time-series data from the Apache USA Foundation, which provides data collection, storage, and analysis services, among other things. A deserialization vulnerability exists in Apache IoTDB versions 0.13.0 through 0.13.4, which can b...
Deserialization Of Untrusted Data
Apache IoTDB is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to directly deserializing the key/values from the deviceOwnerFile within the deSerializeDeviceOwnerMap method. Each key/value from the owner file is parsed directly using the ObjectOutputStream class, withou...
GHSA-F23H-52HJ-99P6 Apache IoTDB: Unsafe deserialize map in Sync Tool
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
Apache IoTDB: Unsafe deserialize map in Sync Tool
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2023-51656
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2023-51656
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2023-51656 Apache IoTDB: Unsafe deserialize map in Sync Tool
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue...
CVE-2023-51656
CVE-2023-51656 concerns Apache IoTDB's Deserialization of Untrusted Data. The Red Hat/Veracode/CNVD/Sources show the vulnerability affects IoTDB releases 0.13.0–0.13.4 and can lead to arbitrary code execution via deserializing untrusted data. The issue is mitigated by upgrading to IoTDB 1.2.2, wh...
PT-2023-31872 · Apache · Apache Iotdb
Name of the Vulnerable Software and Affected Versions: Apache IoTDB versions 0.13.0 through 0.13.4 Description: The issue is related to the deserialization of untrusted data in Apache IoTDB. Users are advised to upgrade to a fixed version to resolve the issue. Recommendations: For Apache IoTDB...
org.apache.iotdb:iotdb-distribution (>=0.13.0 <=0.13.3) potentially affected by CVE-2023-24831 via org.apache.iotdb:iotdb-grafana-connector (>=0.13.0 <=0.13.3)
org.apache.iotdb:iotdb-grafana-connector MAVEN version =0.13.0, =0.13.0, =0.13.3 Source cves: CVE-2023-24831 Source advisory: OSV:GHSA-PVJV-386F-C8WH...
GHSA-PVJV-386F-C8WH Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4...
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4...
CVE-2023-30771
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of...
CVE-2023-30771
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of...
anylearn (>=0.20.5 <=0.20.7rc3), pymetard (>=0.0.1 <=0.0.4) potentially affected by CVE-2023-30771 via apache-iotdb (=1.3.2.post0)
apache-iotdb PYPI version =1.3.2.post0 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted: - anylearn =0.20.5, =0.0.1, =0.0.4 Source cves: CVE-2023-30771 Source advisory: OSV:PYSEC-2023-8...
Authorization
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of...
CVE-2023-30771 Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of...
CVE-2023-30771 Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of...