VYPR

Maven package

org.apache.iotdb/iotdb-server

pkg:maven/org.apache.iotdb/iotdb-server

Vulnerabilities (2)

  • CVE-2022-43766HigOct 26, 2022
    affected >= 0.12.2, < 0.13.3fixed 0.13.3

    Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.

  • CVE-2022-38369HigSep 5, 2022
    affected < 0.13.1fixed 0.13.1

    Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.