Maven package
org.apache.iotdb/iotdb-parent
pkg:maven/org.apache.iotdb/iotdb-parent
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-51656 | — | >= 0.13.0, < 1.2.2 | 1.2.2 | Dec 21, 2023 | Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue. | ||
| CVE-2023-24830 | — | >= 0.13.0, < 0.13.3 | 0.13.3 | Jan 30, 2023 | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3. | ||
| CVE-2020-1952 | — | < 0.9.2 | 0.9.2 | Apr 27, 2020 | An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely. |
- CVE-2023-51656Dec 21, 2023affected >= 0.13.0, < 1.2.2fixed 1.2.2
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.
- CVE-2023-24830Jan 30, 2023affected >= 0.13.0, < 0.13.3fixed 0.13.3
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.
- CVE-2020-1952Apr 27, 2020affected < 0.9.2fixed 0.9.2
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.