VYPR

PyPI package

apache-iotdb

pkg:pypi/apache-iotdb

Vulnerabilities (7)

  • CVE-2025-48459 | Sep 24, 2025
    affected >= 1.0.0, < 2.0.5 | fixed 2.0.5

    Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue.

  • CVE-2025-26864 | May 14, 2025
    affected >= 0.10.0, < 1.3.4 | fixed 1.3.4

    Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to

  • CVE-2024-24780 | May 14, 2025
    affected >= 1.0.0, < 1.3.4 | fixed 1.3.4

    Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version

  • CVE-2023-46226 | Cri | Jan 15, 2024
    affected >= 1.0.0, < 1.3.0 | fixed 1.3.0

    Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

  • CVE-2023-24831 | Cri | Apr 17, 2023
    affected >= 0.13.0, < 0.13.5 | fixed 0.13.5

    Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.

  • CVE-2022-43766 | Hig | Oct 26, 2022
    affected >= 0.12.2, < 0.13.3 | fixed 0.13.3

    Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.

  • CVE-2022-38369 | Hig | Sep 5, 2022
    affected < 0.13.1 | fixed 0.13.1

    Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1, which addresses this issue.