Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-24780

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.

Published

2025-05-14T11:15:47.683

Last Modified

2025-07-01T19:21:39.177

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	iotdb	< 1.3.4	Yes

References

https://lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2025/05/14/2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)