CVE-2020-1952: Improper Certificate Validation

January 6, 2022

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

References

github.com/advisories/GHSA-wc6f-cjcp-cc33
nvd.nist.gov/vuln/detail/CVE-2020-1952

Detect and mitigate CVE-2020-1952 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →