Search for packages
| purl | pkg:pypi/apache-iotdb@0.13.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ce4v-q4dk-ckgh
Aliases: CVE-2023-24831 GHSA-pvjv-386f-c8wh PYSEC-2023-7 |
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4. |
Affected by 1 other vulnerability. |
|
VCID-fq17-q73y-2uex
Aliases: CVE-2025-26864 GHSA-5fc3-pqf2-57cx PYSEC-2025-60 |
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-muzv-ckv6-rkfs | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3. |
CVE-2023-24830
GHSA-pp4w-9x82-6r47 PYSEC-2023-6 |
| VCID-ubaq-7eg9-nfdq | Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it. |
CVE-2022-43766
GHSA-g6hg-4v3c-6jq7 PYSEC-2022-42972 |
| VCID-yhc5-wugj-eqfz | Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards. |
CVE-2023-24829
PYSEC-2023-5 |