Maven package
org.apache.iotdb/iotdb-server
pkg:maven/org.apache.iotdb/iotdb-server
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-43766 | Hig | 7.5 | >= 0.12.2, < 0.13.3 | 0.13.3 | Oct 26, 2022 | Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it. | |
| CVE-2022-38369 | Hig | 8.8 | < 0.13.1 | 0.13.1 | Sep 5, 2022 | Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue. |
- affected >= 0.12.2, < 0.13.3fixed 0.13.3
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.
- affected < 0.13.1fixed 0.13.1
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.