
Description

Remote code execution vulnerability in Apache IoTDB through an untrusted URI for a user-defined function (UDF). An attacker who has the privilege to create UDFs can register a malicious function from an untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.

PUBLISHED Reserved 2024-01-30 | Published 2025-05-14 | Updated 2026-02-26 | Assigner apache

Problem types

Remote Code Execution with untrusted URI of User-defined function

Product status

Default status: unaffected

1.0.0 (semver) before 1.3.4: affected

Credits

Y4 tacker (finder)

Nbxiglk (finder)

References

www.openwall.com/lists/oss-security/2025/05/14/2

lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj (vendor-advisory)

cve.org (CVE-2024-24780)

nvd.nist.gov (CVE-2024-24780)
