CVE-2022-43766 Apache IoTDB prior to 0.13.3 allows DoS

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...

CVE-2022-43766 Apache IoTDB prior to 0.13.3 allows DoS

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...

Apache IoTDB 安全漏洞

Apache IoTDB is an integrated data management engine designed for time series data from the Apache Foundation USA that provides data collection, storage, and analysis services, among other things. A security vulnerability exists in Apache IoTDB versions 0.12.2 through 0.12.6, and 0.13.0 through...

CVE-2022-43766

CVE-2022-43766 affects Apache IoTDB versions 0.12.2–0.12.6 and 0.13.0–0.13.2. The issue is a Denial of Service caused by accepting untrusted REGEXP query patterns when running with Java 8, as described across multiple sources. The fixed release is 0.13.3 or newer, and using a later Java version a...

PT-2022-27026 · Apache · Apache Iotdb

Name of the Vulnerable Software and Affected Versions: Apache IoTDB versions 0.12.2 through 0.12.6 Apache IoTDB versions 0.13.0 through 0.13.2 Description: The issue is a Denial of Service attack that occurs when Apache IoTDB accepts untrusted patterns for REGEXP queries with Java 8. Users can...

Apache IoTDB Licensing Issue Vulnerability (CNVD-2022-69472)

Apache IoTDB is an integrated data management engine designed for time-series data from the Apache Foundation that provides data collection, storage, and analysis services, etc. An authorization issue vulnerability exists in Apache IoTDB version 0.13.0, which stems from vulnerability to session i...

Apache IoTDB Access Control Error Vulnerability

Apache IoTDB is an integrated data management engine designed for time series data from the Apache Foundation that provides data collection, storage, and analysis services, among other things.Apache IoTDB version 0.13.0 contains an access control error vulnerability that stems from the inclusion ...

Insecure Session Management

org.apache.iotdb:iotdb-server uses insecure session management. Lack of proper validation of session ID at checkLogin function allows an attacker to bypass the intended authentication behavior through a session id attack...

org.apache.iotdb:iotdb-distribution (=0.13.0) potentially affected by CVE-2022-38370 via org.apache.iotdb:iotdb-grafana-connector (=0.13.0)

org.apache.iotdb:iotdb-grafana-connector MAVEN version =0.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.iotdb:iotdb-grafana-connector and may be impacted: - org.apache.iotdb:iotdb-distribution =0.13.0 Source cves: CVE-2022-38370 Sourc...

GHSA-G6VM-3CH8-C6JQ Apache IoTDB Session Fixation vulnerability

Apache IoTDB version 0.13.0 is vulnerable to session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

GHSA-C86F-9GRV-PMQF Apache IoTDB grafana-connector contains an interface without authorization

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of a database. Users should upgrade to version 0.13.1, which addresses this issue...

Apache IoTDB Session Fixation vulnerability

Apache IoTDB version 0.13.0 is vulnerable to session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

Apache IoTDB grafana-connector contains an interface without authorization

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of a database. Users should upgrade to version 0.13.1, which addresses this issue...

CVE-2022-38370

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue...

CVE-2022-38369

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

CVE-2022-38370

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue...

CVE-2022-38369

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

Authorization

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue...

PYSEC-2022-43069

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

PYSEC-2022-43070

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue...