VulnerableCode Package Details - pkg:maven/org.apache.iotdb/iotdb-server@0.13.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-ce4v-q4dk-ckgh Aliases: CVE-2023-24831 GHSA-pvjv-386f-c8wh PYSEC-2023-7	Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.	0.13.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-muzv-ckv6-rkfs Aliases: CVE-2023-24830 GHSA-pp4w-9x82-6r47 PYSEC-2023-6	Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.	0.13.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-n2yk-mbca-tfh5 Aliases: CVE-2023-51656 GHSA-f23h-52hj-99p6		0.14.0-preview1 Affected by 0 other vulnerabilities.
VCID-ubaq-7eg9-nfdq Aliases: CVE-2022-43766 GHSA-g6hg-4v3c-6jq7 PYSEC-2022-42972	Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.	0.13.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yhc5-wugj-eqfz Aliases: CVE-2023-24829 PYSEC-2023-5	Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.	0.13.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-ce4v-q4dk-ckgh
Aliases:
CVE-2023-24831
GHSA-pvjv-386f-c8wh
PYSEC-2023-7

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.

0.13.4
Affected by 1 other vulnerability.

VCID-muzv-ckv6-rkfs
Aliases:
CVE-2023-24830
GHSA-pp4w-9x82-6r47
PYSEC-2023-6

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.

0.13.3
Affected by 2 other vulnerabilities.

VCID-n2yk-mbca-tfh5
Aliases:
CVE-2023-51656
GHSA-f23h-52hj-99p6

0.14.0-preview1
Affected by 0 other vulnerabilities.

VCID-ubaq-7eg9-nfdq
Aliases:
CVE-2022-43766
GHSA-g6hg-4v3c-6jq7
PYSEC-2022-42972

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.

0.13.3
Affected by 2 other vulnerabilities.

VCID-yhc5-wugj-eqfz
Aliases:
CVE-2023-24829
PYSEC-2023-5

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.

0.13.3
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-jfvv-nbyj-17gn	Apache IoTDB Session Fixation vulnerability	CVE-2022-38369 GHSA-g6vm-3ch8-c6jq PYSEC-2022-43069
VCID-t9sz-vc2s-z7h5	Apache IoTDB grafana-connector contains an interface without authorization	CVE-2022-38370 GHSA-c86f-9grv-pmqf

Vulnerability

Summary

Aliases

VCID-jfvv-nbyj-17gn

Apache IoTDB Session Fixation vulnerability

CVE-2022-38369
GHSA-g6vm-3ch8-c6jq
PYSEC-2022-43069

VCID-t9sz-vc2s-z7h5

Apache IoTDB grafana-connector contains an interface without authorization

CVE-2022-38370
GHSA-c86f-9grv-pmqf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:15:12.203019+00:00	GitLab Importer	Affected by	VCID-n2yk-mbca-tfh5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-server/CVE-2023-51656.yml	38.6.0
2026-06-12T18:52:14.279718+00:00	GitLab Importer	Affected by	VCID-ce4v-q4dk-ckgh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-server/CVE-2023-24831.yml	38.6.0
2026-06-12T18:45:18.606118+00:00	GitLab Importer	Affected by	VCID-yhc5-wugj-eqfz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-server/CVE-2023-24829.yml	38.6.0
2026-06-12T18:45:14.311043+00:00	GitLab Importer	Affected by	VCID-muzv-ckv6-rkfs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-server/CVE-2023-24830.yml	38.6.0
2026-06-12T18:38:04.631525+00:00	GitLab Importer	Affected by	VCID-ubaq-7eg9-nfdq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-server/CVE-2022-43766.yml	38.6.0
2026-06-12T18:31:11.813263+00:00	GitLab Importer	Fixing	VCID-jfvv-nbyj-17gn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-server/CVE-2022-38369.yml	38.6.0
2026-06-12T18:31:07.214981+00:00	GitLab Importer	Fixing	VCID-t9sz-vc2s-z7h5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.iotdb/iotdb-server/CVE-2022-38370.yml	38.6.0
2026-06-12T08:13:46.842090+00:00	GithubOSV Importer	Fixing	VCID-jfvv-nbyj-17gn	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-g6vm-3ch8-c6jq/GHSA-g6vm-3ch8-c6jq.json	38.6.0
2026-06-11T20:32:11.582766+00:00	GHSA Importer	Fixing	VCID-jfvv-nbyj-17gn	https://github.com/advisories/GHSA-g6vm-3ch8-c6jq	38.6.0