CVE-2023-46226 – apache-iotdb
Package
Manager: pip
Name: apache-iotdb
Vulnerable Version: >=1.0.0 <1.3.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
EPSS: 0.05023 (percentile 0.8932)
Details
Remote Code Execution vulnerability in Apache IoTDB via UDF. This issue affects Apache IoTDB from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
Metadata
Created: 2024-01-15T12:30:19Z
Modified: 2025-06-20T22:17:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-rxgg-273w-rfw7/GHSA-rxgg-273w-rfw7.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-rxgg-273w-rfw7
Finding: F422
Auto approve: 1