List:       oss-security
Subject:    [oss-security] CVE-2022-43766: Apache IoTDB: ReDoS Vulnerability by REGEXP
From:       Haonan Hou <haonan () apache ! org>
Date:       2022-10-26 9:42:11
Message-ID: cf6b94a8-3d08-887a-7826-b59d534a1aaa () apache ! org

Severity: low

Description:

Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable
to attack by REGEXP query with Java8. Users should upgrade to 0.13.3, which
addresses this issue, or use a later version of Java to avoid it.
