CVE-2023-46226: Remote Code Execution vulnerability in Apache IoTDB via UDF

January 15, 2024 (updated February 13, 2025)

Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB from 1.0.0 through 1.2.2.

Users are recommended to upgrade to version 1.3.0, which fixes the issue.

References

github.com/advisories/GHSA-rxgg-273w-rfw7
github.com/apache/iotdb
github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2024-11.yaml
lists.apache.org/thread/293b4ob65ftnfwyf62fb9zh8gwdy38hg
nvd.nist.gov/vuln/detail/CVE-2023-46226

Code Behaviors & Features

Detect and mitigate CVE-2023-46226 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →