
237 matches found

OSSF Malicious Packages
added 2025/05/26 3:5 a.m., 5 views

Malicious code in apache-iotdb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff74a911454d2bde3e33e6b60e2dbf0fd679cda9731532351e3766b912c3473 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3
OSV
added 2025/05/26 3:5 a.m., 3 views

MAL-2025-4430 Malicious code in apache-iotdb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff74a911454d2bde3e33e6b60e2dbf0fd679cda9731532351e3766b912c3473 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 3
RedhatCVE
added 2025/05/23 10:22 a.m., 18 views

CVE-2024-36448

UNSUPPORTED WHEN ASSIGNED: Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restri...

7.3 CVSS, 6.9 AI score, 0.007 EPSS
Exploits: 0
RedhatCVE
added 2025/05/23 4:55 a.m., 5 views

CVE-2023-24831

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4...

9.8 CVSS, 6.8 AI score, 0.01222 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:54 a.m., 5 views

CVE-2023-24829

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13....

8.8 CVSS, 6.8 AI score, 0.01245 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:31 a.m., 7 views

CVE-2023-24830

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3...

7.5 CVSS, 6.9 AI score, 0.01331 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 12:4 a.m., 6 views

CVE-2022-43766

Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...

7.5 CVSS, 6.8 AI score, 0.01341 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 4:28 p.m., 17 views

CVE-2020-1952

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...

9.8 CVSS, 7.2 AI score, 0.02676 EPSS
Exploits: 0
Veracode
added 2025/05/19 4:12 a.m., 5 views

Sensitive Information Exposure

org.apache.iotdb, iotdb-jdbc is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper sanitization and logging of sensitive information in the Apache IoTDB JDBC driver. Specifically, sensitive data such as credentials or query contents may be inadvertently written to...

7.5 CVSS, 6.3 AI score, 0.00684 EPSS
Exploits: 0, References: 8, Affected Software: 4
RedhatCVE
added 2025/05/16 11:3 a.m., 28 views

CVE-2025-26795

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and...

7.5 CVSS, 6.9 AI score, 0.00684 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/16 11:3 a.m., 18 views

CVE-2024-24780

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

9.8 CVSS, 7.6 AI score, 0.01259 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/16 11:3 a.m., 19 views

CVE-2025-26864

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...

7.5 CVSS, 6.9 AI score, 0.00684 EPSS
Exploits: 0, References: 1
vulnersOsv
added 2025/05/14 12:31 p.m., 4 views

org.apache.iotdb:client-example (>=1.1.2 <=1.3.4-1), org.apache.iotdb:customize-mqtt-example (>=0.14.0-preview1 <=1.3.3) +18 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=0.14.0-preview1 <=1.3.4-1)

org.apache.iotdb:node-commons MAVEN version =0.14.0-preview1, =1.1.2, =0.14.0-preview1, =1.2.2, =1.2.2, =0.14.0-preview1, =0.14.0-preview3, =0.14.0-preview1, =0.14.0-preview2, =0.14.0-preview3, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =1.3.0, =1.3....

7.5 CVSS, 5.8 AI score, 0.00684 EPSS
Exploits: 0
vulnersOsv
added 2025/05/14 12:31 p.m., 3 views

org.apache.iotdb:client-example (>=1.1.2 <=1.3.4-1), org.apache.iotdb:customize-mqtt-example (>=0.14.0-preview1 <=1.3.3) +18 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=0.14.0-preview1 <=1.3.4-1)

org.apache.iotdb:node-commons MAVEN version =0.14.0-preview1, =1.1.2, =0.14.0-preview1, =1.2.2, =1.2.2, =0.14.0-preview1, =0.14.0-preview3, =0.14.0-preview1, =0.14.0-preview2, =0.14.0-preview3, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =1.3.0, =1.3....

7.5 CVSS, 5.8 AI score, 0.00684 EPSS
Exploits: 0
vulnersOsv
added 2025/05/14 12:31 p.m., 5 views

org.apache.iotdb:client-example (>=1.1.2 <=1.3.4-1), org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3) +17 more potentially affected by CVE-2024-24780 via org.apache.iotdb:node-commons (>=1.0.0 <=1.3.4-1)

org.apache.iotdb:node-commons MAVEN version =1.0.0, =1.1.2, =1.0.0, =1.2.2, =1.2.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.1.2 and more Source cves: CVE-2024-24780 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-10176116...

9.8 CVSS, 5.8 AI score, 0.01259 EPSS
Exploits: 0
vulnersOsv
added 2025/05/14 12:31 p.m., 6 views

org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.2-1), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +8 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.2-1)

org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.2-1 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-bet...

7.5 CVSS, 5.8 AI score, 0.00684 EPSS
Exploits: 0
vulnersOsv
added 2025/05/14 12:31 p.m., 1 views

anylearn (>=0.20.5 <=0.20.7rc3), iotdb-session-0-10-1 (>=0.1.0 <=0.1.5) +1 more potentially affected by CVE-2025-26864 via apache-iotdb (>=0.10.1 <=1.3.2.post0)

apache-iotdb PYPI version =0.10.1, =0.20.5, =0.1.0, =0.0.1, =0.0.4 Source cves: CVE-2025-26864 Source advisory: OSV:GHSA-5FC3-PQF2-57CX...

7.5 CVSS, 5.8 AI score, 0.00684 EPSS
Exploits: 0
vulnersOsv
added 2025/05/14 12:31 p.m., 3 views

org.apache.iotdb:customize-mqtt-example (>=0.13.0 <=1.3.3), org.apache.iotdb:influxdb-protocol (>=0.14.0-preview1 <=1.1.2) +15 more potentially affected by CVE-2025-26795 via org.apache.iotdb:iotdb-server (>=0.10.0 <=1.3.3)

org.apache.iotdb:iotdb-server MAVEN version =0.10.0, =0.13.0, =0.14.0-preview1, =0.14.0-preview3, =0.13.0, =0.14.0-preview2, =0.14.0-preview2, =0.12.0, =0.14.0-preview1, =0.8.0, =0.14.0-preview1, =1.3.0, =0.14.0-preview2, =0.12.6, =0.14.0-preview1, =1.0.0, =1.1.2 and more Source cves:...

7.5 CVSS, 5.8 AI score, 0.00684 EPSS
Exploits: 0
vulnersOsv
added 2025/05/14 12:31 p.m., 4 views

org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3), org.apache.iotdb:influxdb-protocol (>=1.0.0 <=1.1.2) +12 more potentially affected by CVE-2024-24780 via org.apache.iotdb:iotdb-server (>=1.0.0 <=1.3.3)

org.apache.iotdb:iotdb-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.3 Source cves: CVE-2024-24780 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-10176115...

9.8 CVSS, 5.8 AI score, 0.01259 EPSS
Exploits: 0
vulnersOsv
added 2025/05/14 12:31 p.m., 5 views

org.apache.iotdb:customize-mqtt-example (=2.0.1-beta), org.apache.iotdb:integration-test (=2.0.1-beta) +5 more potentially affected by CVE-2025-26795 via org.apache.iotdb:iotdb-server (=2.0.1-beta)

org.apache.iotdb:iotdb-server MAVEN version =2.0.1-beta is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.iotdb:iotdb-server and may be impacted: - org.apache.iotdb:customize-mqtt-example =2.0.1-beta - org.apache.iotdb:integration-test...

7.5 CVSS, 5.8 AI score, 0.00684 EPSS
Exploits: 0