CVE-2024-24780

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-24780
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24780.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-24780
Aliases
Published
2025-05-14T11:15:47Z
Modified
2025-07-02T09:57:33.821173Z
Summary
[none]
Details

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI.

This issue affects Apache IoTDB: from 1.0.0 before 1.3.4.

Users are recommended to upgrade to version 1.3.4, which fixes the issue.

References

Affected packages

Git / github.com/apache/iotdb

Affected ranges

Type
GIT
Repo
https://github.com/apache/iotdb
Events
Introduced
fbbca3ffa3d54b2757c22502f7211b5a2be72c96
Fixed
1e88013f3463c99ff81f244eb612e178582e82f5

Affected versions

Other

before-moving-extras

v1.*

v1.0.0