CVE-2024-24780
Apache IoTDB Vulnerable to Remote Code Execution
CVSS 3.1 base score: 9.8 (CRITICAL)
EPSS: 1.6%
Description
Remote code execution via an untrusted UDF URI in Apache IoTDB. An attacker who holds the privilege to create user-defined functions (UDFs) can register a malicious function from an untrusted URI, which is then loaded and executed by the server. This issue affects Apache IoTDB from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.
How to fix CVE-2024-24780
To remediate CVE-2024-24780, upgrade each affected package to a fixed version:
- All three affected packages: upgrade to 1.3.4 or later
Is CVE-2024-24780 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- >= 1.0.0, < 1.3.4
- >= 1.0.0, < 1.3.4
- >= 1.0.0, < 1.3.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL (9.8) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |