VulnerableCode Package Details - pkg:maven/org.apache.iotdb/iotdb-core@1.3.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.iotdb/iotdb-core@1.3.3

Essentials
History (5)

purl	pkg:maven/org.apache.iotdb/iotdb-core@1.3.3

Next non-vulnerable version	2.0.7
Latest non-vulnerable version	2.0.7
Risk	4.5

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-g6qa-mu8d-2uhc Aliases: CVE-2024-24780 GHSA-f4rq-f4j9-f6rm PYSEC-2025-59	Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.	1.3.4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gtes-ey5n-7bhg Aliases: CVE-2026-24713 GHSA-6w48-2g9j-v9q5	Apache IoTDB has an Improper Input Validation vulnerability Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.	1.3.7 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.0.7 Affected by 0 other vulnerabilities.
VCID-jgju-cgt1-eqaa Aliases: CVE-2025-48392 GHSA-vx84-xvr8-w24c	Apache IoTDB: DoS Vulnerability A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue.	2.0.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jrqf-tcrk-xfev Aliases: CVE-2026-24015 GHSA-74cf-pgh9-m5q2	Apache IoTDB has an Insecure Default Configuration Vulnerability A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.	1.3.7 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.0.7 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T07:15:44.734163+00:00	GitLab Importer	Affected by	VCID-jrqf-tcrk-xfev	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-core/CVE-2026-24015.yml	38.6.0
2026-06-06T07:15:25.654651+00:00	GitLab Importer	Affected by	VCID-gtes-ey5n-7bhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-core/CVE-2026-24713.yml	38.6.0
2026-06-06T05:49:39.145607+00:00	GitLab Importer	Affected by	VCID-g6qa-mu8d-2uhc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-core/CVE-2024-24780.yml	38.6.0
2026-06-05T21:50:22.999718+00:00	GHSA Importer	Affected by	VCID-jgju-cgt1-eqaa	https://github.com/advisories/GHSA-vx84-xvr8-w24c	38.6.0
2026-06-02T04:47:57.254475+00:00	GitLab Importer	Affected by	VCID-jgju-cgt1-eqaa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-core/CVE-2025-48392.yml	38.6.0