Advisories for Maven/org.apache.iotdb/iotdb-confignode package

2025

Apache IoTDB: Deserialization of untrusted Data

Apache IoTDB deserializes data from external inputs without sufficient validation, allowing attacker-controlled serialized objects to be processed. In environments where a compatible gadget chain is reachable, this can be abused to execute arbitrary code or alter server state; at minimum it enables high-impact integrity and confidentiality compromise on the IoTDB process.