GHSA-g6vm-3ch8-c6jq

Suggest an improvement
Source
https://github.com/advisories/GHSA-g6vm-3ch8-c6jq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-g6vm-3ch8-c6jq/GHSA-g6vm-3ch8-c6jq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-g6vm-3ch8-c6jq
Aliases
  • CVE-2022-38369
Published
2022-09-06T00:00:27Z
Modified
2023-11-08T04:10:11.802194Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Apache IoTDB Session Fixation vulnerability
Details

Apache IoTDB version 0.13.0 is vulnerable to session id attack. Users should upgrade to version 0.13.1 which addresses this issue.

References

Affected packages

Maven / org.apache.iotdb:iotdb-server

Package

Name
org.apache.iotdb:iotdb-server
View open source insights on deps.dev
Purl
pkg:maven/org.apache.iotdb/iotdb-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.13.1

Affected versions

0.*

0.8.0
0.8.1
0.8.2
0.9.0
0.9.1
0.9.2
0.9.3
0.10.0
0.10.1
0.11.0
0.11.1
0.11.2
0.11.3
0.11.4
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.12.5
0.12.6
0.13.0

PyPI / apache-iotdb

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.13.1

Affected versions

0.*

0.9.0
0.9.2
0.9.3
0.10.0
0.10.1
0.11.0
0.11.1
0.11.2
0.11.3
0.11.4
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.12.5
0.12.6
0.13.0
0.13.0.post1