CVE-2020-1952

Improper Certificate Validation in maven/org.apache.iotdb/iotdb-parent

Identifiers

GHSA-wc6f-cjcp-cc33, CVE-2020-1952

Package Slug

maven/org.apache.iotdb/iotdb-parent

Vulnerability

Improper Certificate Validation

Description

An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely.

Affected Versions

All versions before 0.9.2

Solution

Upgrade to version 0.9.2 or above.

Last Modified

2022-01-11
