Denial Of Service(DoS)

2022-10-2705:13:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

apache iotdb

denial of service

regexp queries

java 8

0.002 Low

EPSS

Percentile

55.2%

JSON

Apache IoTDB is vulnerable to denial of service. The vulnerability exists in multiple functions due to untrusted patterns for REGEXP queries which allows an attacker to crash the application via malicious input. This vulnerability is only applicable to Java 8.

CPENameOperatorVersion
apache iotdb project parent pomle0.13.2
apache iotdb project parent pomle0.12.6
apache iotdb project parent pomle0.14.0-preview3
tsfilele0.13.2
tsfilele0.12.6
tsfilele0.14.0-preview3
iotdb serverle0.13.2
iotdb serverle0.12.6
iotdb serverle0.14.0-preview3
apache iotdb project parent pomle0.13.2

Name	Operator	Version
apache iotdb project parent pom	le	0.13.2
apache iotdb project parent pom	le	0.12.6
apache iotdb project parent pom	le	0.14.0-preview3
tsfile	le	0.13.2
tsfile	le	0.12.6
tsfile	le	0.14.0-preview3
iotdb server	le	0.13.2
iotdb server	le	0.12.6
iotdb server	le	0.14.0-preview3
apache iotdb project parent pom	le	0.13.2