Primary

Context

Apache IoTDB Improper Input Validation Vulnerability

Vulnerability

Patched

A vulnerability allowing JEXL expression injection has been identified in Apache IoTDB. This issue arises from improper input validation and affects Apache IoTDB versions 1.0.0 prior to 1.3.7 and 2.0.0 prior to 2.0.7. Users are advised to upgrade to versions 1.3.7 or 2.0.7, which address this vulnerability.

Impact

Exploitation of this vulnerability allows for JEXL expression injection, which could lead to arbitrary code execution or manipulation of application logic, depending on the context in which the JEXL expressions are evaluated.

Remediation

Users should upgrade to Apache IoTDB version 1.3.7 or 2.0.7.

Added: Mar 9, 2026, 9:17 AM

Updated: Mar 9, 2026, 9:17 AM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

10.0

exploitability

4.9

remediation

7.7

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

10.0

exploitability

4.9

remediation

7.7

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache IoTDB Improper Input Validation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Apache IoTDB

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating