—

PYSEC-2023-5

Details

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / apache-iotdb

Introduced in: 0.13.0 Fixed in: 0.13.3

Fix pip install --upgrade 'apache-iotdb>=0.13.3'

References

https://lists.apache.org/thread/l0b59hh046tyn4gqot0bdrpg8gxlksmo [ADVISORY]