Apache IoTDB: Remote Code Execution (RCE) risk via the UDF
CVE-2023-46226
9.8CRITICAL
What is CVE-2023-46226?
A vulnerability in Apache IoTDB allows remote attackers to execute arbitrary code on the target server due to improper handling of user input. This issue affects multiple versions, specifically from 1.0.0 through 1.2.2. Users are strongly encouraged to upgrade to version 1.3.0 or later, where this vulnerability has been resolved, ensuring the protection of their systems against potential malicious exploits.
Affected Version(s)
Apache IoTDB 1.0.0 <= 1.2.2