Remote Code Execution Vulnerability in Apache IoTDB
CVE-2024-24780
9.8CRITICAL
What is CVE-2024-24780?
A vulnerability in Apache IoTDB enables an attacker with privileges to create User Defined Functions (UDF) to register malicious functions sourced from untrusted URIs. This could lead to potentially harmful actions being executed within the IoTDB environment. Users should promptly upgrade to version 1.3.4 to mitigate this vulnerability.
Affected Version(s)
Apache IoTDB 1.0.0 < 1.3.4