apache-iotdb
PyPI | 10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting apache-iotdb
- CVE-2022-38369 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 0.13.1 | 2022-09-05
vulnerable: 0.10.0 ... 0.9.3 (19 versions)
Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue.
- CVE-2022-43766 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.13.0 | 2022-10-26
vulnerable: 0.12.2, 0.12.3, 0.12.4, 0.12.5, 0.12.6
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later…
- CVE-2023-24829 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 0.13.3 | 2023-01-31
vulnerable: 0.13.0, 0.13.0.post1, 0.13.1, 0.13.2
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console…
- CVE-2023-24830 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.13.3 | 2023-01-30
vulnerable: 0.13.0, 0.13.0.post1, 0.13.1, 0.13.2
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.
- CVE-2023-24831 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.13.5 | 2023-04-17
vulnerable: 0.13.0, 0.13.0.post1, 0.13.1, 0.13.2, 0.13.3
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.
- CVE-2023-30771 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-04-17
vulnerable: 0.10.0 ... 2.0.5 (42 versions)
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database…
- CVE-2023-46226 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.3.0 | 2024-01-15
vulnerable: 1.0.0 ... 1.2.1 (6 versions)
Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
- CVE-2024-24780 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.3.4 | 2025-05-14
vulnerable: 1.0.0 ... 1.3.3 (10 versions)
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. U…
- CVE-2025-26864 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.3.4 | 2025-05-14
vulnerable: 0.10.0 ... 1.3.3 (32 versions)
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-bet…
- CVE-2025-48459 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.0.5 | 2025-09-24
vulnerable: 1.0.0 ... 2.0.4.dev0 (16 versions)
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue.