GHSA-wc6f-cjcp-cc33, CVE-2020-1952
maven/org.apache.iotdb/iotdb-parent
Improper Certificate Validation
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.
All versions before 0.9.2
Upgrade to version 0.9.2 or above.
2022-01-11
source |