CVE-2020-1952: Improper Certificate Validation

April 27, 2020 (updated May 4, 2020)

When starting IoTDB, the JMX port is exposed with no certification. Then, clients could execute code remotely.

References

lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2020-1952

Detect and mitigate CVE-2020-1952 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →