Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.apache.iotdb:flink-tsfile-connector(Maven) | 0.12.2 | 0.13.3 | N/A |
| apache-iotdb(PyPI) | 0.12.2 | 0.13.3 | N/A |
| org.apache.iotdb:iotdb-server(Maven) | 0.12.2 | 0.13.3 | N/A |
| org.apache.iotdb:tsfile(Maven) | 0.12.2 | 0.13.3 | N/A |
CVSS Metrics
