8 matches found
CVE-2020-25649
The CVE-2020-25649 entry concerns a flaw in FasterXML Jackson Databind where entity expansion was not properly secured, enabling XML External Entity (XXE) attacks. This is a data-integrity risk. Connected advisories consistently associate the issue with Jackson Databind and XXE, and several sourc...
CVE-2023-24830
CVE-2023-24830 affects Apache IoTDB, specifically the iotdb-web-workbench component (0.13.0 before 0.13.3). The issue is described as an improper authentication vulnerability that can allow a remote attacker to bypass authorization. The most concrete exploitation detail in the connected sources n...
CVE-2022-43766
CVE-2022-43766 affects Apache IoTDB versions 0.12.2–0.12.6 and 0.13.0–0.13.2. The issue is a Denial of Service caused by accepting untrusted REGEXP query patterns when running with Java 8, as described across multiple sources. The fixed release is 0.13.3 or newer, and using a later Java version a...
CVE-2022-38370
The CVE-2022-38370 issue affects the Apache IoTDB grafana-connector, specifically version 0.13.0, where an interface is exposed without authorization and can reveal internal database structures. The vulnerability is mitigated by upgrading to version 0.13.1, which addresses the issue. Connected so...
CVE-2025-26864
Apache IoTDB OpenIdAuthorizer is affected by CVE-2025-26864, allowing exposure of sensitive information to an unauthorized actor via log files. Affected versions are 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. The issue’s root cause is an information leakage into logs, enabling disclosure of sensit...
CVE-2025-26795
CVE-2025-26795 affects Apache IoTDB JDBC driver (iotdb-jdbc) versions 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. Root cause: insertion of sensitive information into log files, leading to exposure to unauthorized actors. Impact is High confidentiality (C:H, I/N/A:N). Affected component is iotdb-jdb...
CVE-2025-48392
Apache IoTDB contains a DoS vulnerability affecting 1.3.3–1.3.4 and 2.0.1-beta–2.0.4. The issue is fixed in 2.0.5. CVSS v3.1 metrics from NVD indicate HIGH impact with Availability loss (A=HIGH) and no confidentiality/integrity impact, network attack vector, low complexity, no auth required. Affe...
CVE-2026-24012
CVE-2026-24012 – Apache IoTDB Denial of Service via Resource Exhaustion Description: An interface fails to cap the time span and aggregation interval of queries. An attacker can request an extremely large time range with a tiny interval, causing the DataNode to build an enormous result set in mem...