Maven package
org.apache.iotdb/iotdb-core
pkg:maven/org.apache.iotdb/iotdb-core
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24713 | — | >= 1.0.0, < 1.3.7 | 1.3.7 | Mar 9, 2026 | Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue. | ||
| CVE-2026-24015 | — | >= 1.0.0, < 1.3.7 | 1.3.7 | Mar 9, 2026 | A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue. | ||
| CVE-2025-48392 | — | >= 1.3.3, < 2.0.5 | 2.0.5 | Sep 24, 2025 | A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue. | ||
| CVE-2024-24780 | — | >= 1.0.0, < 1.3.4 | 1.3.4 | May 14, 2025 | Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version | ||
| CVE-2023-46226 | Cri | 9.8 | >= 1.0.0, < 1.3.0 | 1.3.0 | Jan 15, 2024 | Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. |
- CVE-2026-24713Mar 9, 2026affected >= 1.0.0, < 1.3.7fixed 1.3.7
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
- CVE-2026-24015Mar 9, 2026affected >= 1.0.0, < 1.3.7fixed 1.3.7
A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
- CVE-2025-48392Sep 24, 2025affected >= 1.3.3, < 2.0.5fixed 2.0.5
A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue.
- CVE-2024-24780May 14, 2025affected >= 1.0.0, < 1.3.4fixed 1.3.4
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version
- affected >= 1.0.0, < 1.3.0fixed 1.3.0
Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.