PYSEC-2025-59

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-59.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2025-59

Aliases

CVE-2024-24780
GHSA-f4rq-f4j9-f6rm

Published

2025-05-14T11:15:47Z

Modified

2025-07-01T21:42:03.609244Z

Summary

[none]

Details

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI.

This issue affects Apache IoTDB: from 1.0.0 before 1.3.4.

Users are recommended to upgrade to version 1.3.4, which fixes the issue.

References

https://lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj
http://www.openwall.com/lists/oss-security/2025/05/14/2

Affected packages

PyPI / apache-iotdb

Package

Name: apache-iotdb; View open source insights on deps.dev
Purl: pkg:pypi/apache-iotdb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.3.4

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.1.2

1.2.0

1.2.1

1.3.0

1.3.2

1.3.2.post0

1.3.3