Apache IoTDB remote code execution vulnerability: user-defined function loaded from an untrusted URI
Apache IoTDB has a remote code execution vulnerability (CVE-2024-24780) affecting versions from 1.0.0 before 1.3.4. An attacker who already holds the privilege to create UDFs can register a malicious function from an untrusted URI. Upgrading to 1.3.4 fixes the issue. 2025-05-14 02:46 Author: seclists.org (view original)

oss-sec mailing list archives

From: Haonan Hou <haonan () apache org>
Date: Wed, 14 May 2025 01:32:24 +0000

Severity: moderate

Affected versions:

- Apache IoTDB 1.0.0 before 1.3.4

Description:

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. An attacker who has the privilege to create UDFs can register a malicious function from an untrusted URI.

This issue affects Apache IoTDB: from 1.0.0 before 1.3.4.

Users are recommended to upgrade to version 1.3.4, which fixes the issue.

Credit:

Y4 tacker (finder)
Nbxiglk (finder)

References:

https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-24780

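Added example, not part of the advisory and not code from the IoTDB project: a small audit of UDF registration statements that flags any CREATE FUNCTION that loads its jar from somewhere other than an allowlisted internal host. The statement shape follows IoTDB's documented form CREATE FUNCTION <name> AS '<class>' [USING URI '<uri>']; the host allowlist (artifacts.internal.example), the sample statements and the rule of accepting only https jars from that host are assumptions made here for illustration and are not a description of the 1.3.4 fix. The point of the edge cases is that a "trusted" string match on the URI is not enough: a scheme downgrade, a file: URI, or a userinfo trick such as https://trusted@other-host/ all have to be rejected by looking at the parsed host, not the raw text.

```python
"""Audit IoTDB CREATE FUNCTION statements for jars loaded from untrusted URIs.

Added example: the allowlist policy and the sample statements below are
constructed for illustration and are not IoTDB's own configuration or fix.
"""
import re
from urllib.parse import urlsplit

# IoTDB registers a UDF with:
#   CREATE FUNCTION <name> AS '<class>' [USING URI '<uri>']
# The optional USING URI clause is where code is fetched from.
CREATE_FUNCTION_RE = re.compile(
    r"""^\s*CREATE\s+FUNCTION\s+(?P<name>\S+)\s+AS\s+'(?P<cls>[^']+)'"""
    r"""(?:\s+USING\s+URI\s+'(?P<uri>[^']+)')?\s*;?\s*$""",
    re.IGNORECASE,
)

# Assumed policy: only jars served over https from this internal host are allowed.
TRUSTED_HOSTS = {"artifacts.internal.example"}


def parse_create_function(stmt):
    """Return {name, cls, uri} for a CREATE FUNCTION statement, else None."""
    m = CREATE_FUNCTION_RE.match(stmt)
    if not m:
        return None
    return {"name": m.group("name"), "cls": m.group("cls"), "uri": m.group("uri")}


def uri_is_trusted(uri, trusted_hosts=TRUSTED_HOSTS):
    """True only for https://<trusted host>/...<something>.jar.

    The check is done on the parsed URI, not on the raw string: urlsplit()
    strips userinfo and port, so 'https://trusted@203.0.113.7/x.jar' is judged
    by its real host (203.0.113.7), and a 'file:' or 'http:' scheme is refused.
    """
    parts = urlsplit(uri.strip())
    if parts.scheme.lower() != "https":
        return False
    host = parts.hostname  # lower-cased, userinfo and port removed
    if not host or host not in trusted_hosts:
        return False
    if not parts.path.lower().endswith(".jar"):
        return False
    return True


def audit(statements, trusted_hosts=TRUSTED_HOSTS):
    """Return (function name, uri) for every registration from an untrusted URI."""
    findings = []
    for stmt in statements:
        parsed = parse_create_function(stmt)
        if parsed is None:
            continue  # not a UDF registration
        uri = parsed["uri"]
        if uri is None:
            continue  # class resolved from the server's own classpath, nothing fetched
        if not uri_is_trusted(uri, trusted_hosts):
            findings.append((parsed["name"], uri))
    return findings


# Constructed sample statements (not taken from any real deployment).
SAMPLE_STATEMENTS = [
    "CREATE FUNCTION example AS 'org.apache.iotdb.udf.UDTFExample'",
    "CREATE FUNCTION f1 AS 'com.example.Udf' USING URI 'https://artifacts.internal.example/udf/f1.jar'",
    "create function f2 as 'com.example.Udf' using uri 'http://artifacts.internal.example/udf/f2.jar'",
    "CREATE FUNCTION f3 AS 'com.example.Udf' USING URI 'https://artifacts.internal.example@203.0.113.7/x.jar'",
    "CREATE FUNCTION f4 AS 'com.example.Udf' USING URI 'file:///tmp/dropped.jar';",
    "SHOW FUNCTIONS",
]

if __name__ == "__main__":
    for name, uri in audit(SAMPLE_STATEMENTS):
        print(f"untrusted UDF source: {name} <- {uri}")
```

Run against the samples, f1 passes and f2 (plain http), f3 (real host is 203.0.113.7, not the allowlisted name) and f4 (local file: URI) are reported; statements without USING URI are skipped because no remote code is fetched. The same parse-then-compare approach applies whether the statements come from a query log, an audit trail or a review of migration scripts before they reach a cluster that has not yet been upgraded to 1.3.4.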

Source: https://seclists.org/oss-sec/2025/q2/140
For takedown requests contact: admin#unsafe.sh