PyPI: apache-iotdb
CVE-2022-38369
Safety vulnerability ID: SFTY-20220905-83466
Safety legacy ID: pyup.io-62764
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue. Alias: GHSA-g6vm-3ch8-c6jq
Overview
Apache IoTDB Session Fixation vulnerability
Advisory
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue. Alias: GHSA-g6vm-3ch8-c6jq
How to Fix
Upgrade
apache-iotdb
to0.13.1
or higher.Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20220905-83466/CVE-2022-38369
- http://www.openwall.com/lists/oss-security/2022/09/05/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38369
- https://lists.apache.org/thread/7nk03ywvx3t3yjbcxzt7zy4nyc89y9b0
- https://nvd.nist.gov/vuln/detail/CVE-2022-38369
- https://nvd.nist.gov/vuln/detail/CVE-2022-38369
- https://lists.apache.org/thread/7nk03ywvx3t3yjbcxzt7zy4nyc89y9b0
- http://www.openwall.com/lists/oss-security/2022/09/05/1
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2022-43069.yaml
- https://github.com/advisories/GHSA-g6vm-3ch8-c6jq
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more