—

PYSEC-2023-8

Details

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.

This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / apache-iotdb

Introduced in: 0

No fixed version published yet for apache-iotdb (pip). Pin to a known-safe version or switch to an alternative.

References

https://lists.apache.org/thread/08nc3dr6lshfppx0pzmz5vbggdnzpojb [ADVISORY]
http://www.openwall.com/lists/oss-security/2023/04/18/7 [ARTICLE]