PYSEC-2025-60

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-60.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2025-60

Aliases

Published

2025-05-14T11:16:28Z

Modified

2025-07-01T21:42:02.330894Z

Summary

[none]

Details

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.

This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.

Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.

References

Affected packages

PyPI / apache-iotdb

Package

Name: apache-iotdb; View open source insights on deps.dev
Purl: pkg:pypi/apache-iotdb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.10.0

Fixed

1.3.4

Affected versions

0.*

0.10.0

0.10.1

0.11.0

0.11.1

0.11.2

0.11.3

0.11.4

0.12.0

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5

0.12.6

0.13.0

0.13.0.post1

0.13.1

0.13.2

0.13.3

0.13.5

0.13.5.1

0.14.0rc1

1.*

1.0.0

1.0.1

1.1.0

1.1.2

1.2.0

1.2.1

1.3.0

1.3.2

1.3.2.post0

1.3.3