GHSA-rxgg-273w-rfw7

Source

https://github.com/advisories/GHSA-rxgg-273w-rfw7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-rxgg-273w-rfw7/GHSA-rxgg-273w-rfw7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rxgg-273w-rfw7

Aliases

Published

2024-01-15T12:30:19Z

Modified

2025-06-20T22:34:36.947368Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
8.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

Remote Code Execution vulnerability in Apache IoTDB via UDF

Details

Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB from 1.0.0 through 1.2.2.

Users are recommended to upgrade to version 1.3.0, which fixes the issue.

Database specific

{
    "severity": "HIGH",
    "github_reviewed_at": "2024-01-16T20:45:55Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2024-01-15T11:15:07Z"
}

References

Affected packages

Maven / org.apache.iotdb:iotdb-core

Package

Name: org.apache.iotdb:iotdb-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.iotdb/iotdb-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.3.0

Database specific

{
    "last_known_affected_version_range": "<= 1.2.2"
}

PyPI / apache-iotdb

Package

Name: apache-iotdb; View open source insights on deps.dev
Purl: pkg:pypi/apache-iotdb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.3.0

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.1.2

1.2.0

1.2.1