CVE-2023-51656

CWE-502 — Deserialization of Untrusted Data4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.6%

top 31.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Iotdb Apache Iotdb

Timeline

PublishedDec 21

Description

Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.apache.iotdb:iotdb-parent0.13.0 — 1.2.2

▶NVDapache/iotdb0.13.0 — 0.13.4

▶CVEListV5apache_software_foundation/apache_iotdb0.13.0 — 0.13.4

🔴Vulnerability Details

CVEList

Apache IoTDB: Unsafe deserialize map in Sync Tool↗2023-12-21

▶

GHSA

Apache IoTDB: Unsafe deserialize map in Sync Tool↗2023-12-21

▶

OSV

Apache IoTDB: Unsafe deserialize map in Sync Tool↗2023-12-21

▶