PyPI: apache-iotdb

CVE-2023-46226

Safety vulnerability ID: SFTY-20240115-85305

Safety legacy ID: pyup.io-70407

Remote Code Execution vulnerability in Apache IoTDB.

PyPI

NVD

GHSA

Created at: Nov 6, 2025Updated at: Nov 6, 2025

Overview

Remote Code Execution vulnerability in Apache IoTDB via UDF

Advisory

Remote Code Execution vulnerability in Apache IoTDB.

Affected Package

Affecting apache-iotdb package, versions

>=1.0.0,<1.3.0

Also affects

---

How to Fix

Upgrade

apache-iotdb

1.3.0

or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

https://getsafety.com/vulnerabilities/SFTY-20240115-85305/CVE-2023-46226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46226
https://nvd.nist.gov/vuln/detail/CVE-2023-46226
https://lists.apache.org/thread/293b4ob65ftnfwyf62fb9zh8gwdy38hg
http://www.openwall.com/lists/oss-security/2024/01/15/1
https://github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2024-11.yaml
https://github.com/advisories/GHSA-rxgg-273w-rfw7

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more