Search for packages
| purl | pkg:pypi/apache-iotdb@0.13.0.post1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2t9e-mbwd-zybn
Aliases: CVE-2022-38369 GHSA-g6vm-3ch8-c6jq PYSEC-2022-43069 |
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue. |
Affected by 5 other vulnerabilities. |
|
VCID-5xmw-u38h-4yhs
Aliases: CVE-2025-26864 GHSA-5fc3-pqf2-57cx PYSEC-2025-60 |
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-dh97-ydsf-8ken
Aliases: CVE-2023-24831 GHSA-pvjv-386f-c8wh PYSEC-2023-7 |
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4. |
Affected by 1 other vulnerability. |
|
VCID-egqv-s8yr-7ybs
Aliases: CVE-2023-24830 GHSA-pp4w-9x82-6r47 PYSEC-2023-6 |
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 before 0.13.3. |
Affected by 2 other vulnerabilities. |
|
VCID-mhq7-q537-sue2
Aliases: CVE-2023-24829 PYSEC-2023-5 |
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards. |
Affected by 2 other vulnerabilities. |
|
VCID-ybcb-w79y-p3ga
Aliases: CVE-2022-43766 GHSA-g6hg-4v3c-6jq7 PYSEC-2022-42972 |
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||