Apache-2.0
All Versions
Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Severity | | | Affected Versions |
|---|---|---|---|---|---|
| CVE-2024-24780 | Affected versions of the Apache IoTDB package are vulnerable to Remote Code Execution due to insufficient validation of User-Defined Function (UDF) registration sources. The UDF registration mechanism… | Critical | – | – | >=1.0.0,<1.3.4 |
| CVE-2023-46226 | Remote Code Execution vulnerability in Apache IoTDB. | Critical | – | – | >=1.0.0,<1.3.0 |
| CVE-2023-24831 | Apache IoTDB Grafana Connector vulnerable to Improper Authentication | Critical | – | – | >= 0.13.0, < 0.13.5 |
| CVE-2023-30771 | Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, … | Critical | – | – | ==0.13.3 |
| CVE-2025-26864 | Affected versions of the Apache IoTDB package are vulnerable to Information Disclosure due to improper handling of sensitive data in log files. The OpenIdAuthorizer component logs sensitive authentica… | High | – | – | >=0.10.0,<1.3.4; >=2.0.1b0,<2.0.2 |
| CVE-2022-43766 | Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 wh… | High | – | – | >=0.12.2,<=0.12.6; >=0.13.0,<=0.13.2 |
| CVE-2022-38369 | Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue. Alias: GHSA-g6vm-3ch8-c6jq | High | – | – | <0.13.1 |
| CVE-2025-48459 | Apache IoTDB: Deserialization of untrusted Data | Medium | – | – | >= 1.0.0, < 2.0.5 |