Search for packages
| purl | pkg:maven/org.apache.iotdb/iotdb-server@0.12.4 |
| Next non-vulnerable version | 0.14.0-preview1 |
| Latest non-vulnerable version | 1.3.0 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jfvv-nbyj-17gn
Aliases: CVE-2022-38369 GHSA-g6vm-3ch8-c6jq PYSEC-2022-43069 |
Apache IoTDB Session Fixation vulnerability |
Affected by 5 other vulnerabilities. |
|
VCID-ubaq-7eg9-nfdq
Aliases: CVE-2022-43766 GHSA-g6hg-4v3c-6jq7 PYSEC-2022-42972 |
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T18:38:04.613679+00:00 | GitLab Importer | Affected by | VCID-ubaq-7eg9-nfdq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-server/CVE-2022-43766.yml | 38.6.0 |
| 2026-06-12T18:31:11.796051+00:00 | GitLab Importer | Affected by | VCID-jfvv-nbyj-17gn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-server/CVE-2022-38369.yml | 38.6.0 |