CVE-2022-38369: Apache IoTDB Session Fixation vulnerability

September 6, 2022 (updated November 21, 2024)

Apache IoTDB version 0.13.0 is vulnerable to session id attack. Users should upgrade to version 0.13.1 which addresses this issue.

References

github.com/advisories/GHSA-g6vm-3ch8-c6jq
github.com/apache/iotdb
github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2022-43069.yaml
lists.apache.org/thread/7nk03ywvx3t3yjbcxzt7zy4nyc89y9b0
nvd.nist.gov/vuln/detail/CVE-2022-38369

Detect and mitigate CVE-2022-38369 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →