Vulnerability	Vulnerable Version
M Insertion of Sensitive Information into Log File Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the `OpenIdAuthorizer` component. An attacker can gain access to sensitive data by exploiting the logging mechanism used in this component. How to fix Insertion of Sensitive Information into Log File? Upgrade `org.apache.iotdb:node-commons` to version 1.3.4, 2.0.2 or higher.	[0.10.0,1.3.4)[2.0.1-beta,2.0.2)
H Arbitrary Code Injection Affected versions of this package are vulnerable to Arbitrary Code Injection through the registration of user-defined functions (UDFs) from untrusted sources. An attacker with the privilege to create UDFs can execute arbitrary code by registering a malicious function. How to fix Arbitrary Code Injection? Upgrade `org.apache.iotdb:node-commons` to version 1.3.4 or higher.	[1.0.0,1.3.4)

Insertion of Sensitive Information into Log File

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the OpenIdAuthorizer component. An attacker can gain access to sensitive data by exploiting the logging mechanism used in this component.

How to fix Insertion of Sensitive Information into Log File?

Upgrade org.apache.iotdb:node-commons to version 1.3.4, 2.0.2 or higher.

[0.10.0,1.3.4)[2.0.1-beta,2.0.2)

Arbitrary Code Injection

Affected versions of this package are vulnerable to Arbitrary Code Injection through the registration of user-defined functions (UDFs) from untrusted sources. An attacker with the privilege to create UDFs can execute arbitrary code by registering a malicious function.

How to fix Arbitrary Code Injection?

Upgrade org.apache.iotdb:node-commons to version 1.3.4 or higher.

[1.0.0,1.3.4)

Go back to all versions of this package