You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Haonan Hou <ha...@apache.org> on 2022/10/26 09:42:11 UTC

CVE-2022-43766: Apache IoTDB: ReDoS Vulnerability by REGEXP

Severity: low

Description:

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable by the attack of REGEXP query with Java8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.