iotdb icon indicating copy to clipboard operation
iotdb copied to clipboard
verified publisher icon apache

IoTDB1.2.2版本存在评分7.0以上漏洞

Open darcy168 opened this issue 1 year ago • 3 comments

我们项目中使用的是IoTDB 1.2.2版本,经过扫描发现该版本存在很多 cvss 评分为7.0以上的漏洞,请参考附图,谢谢。 IoTDB-1 2 2版本评分7 0以上漏洞记录

darcy168 avatar Dec 28 '23 05:12 darcy168

Hi, this is your first issue in IoTDB project. Thanks for your report. Welcome to join the community!

github-actions[bot] avatar Dec 28 '23 05:12 github-actions[bot]

netty相关的依赖在1.3.0里已经更新为4.1.97 版本了 https://github.com/apache/iotdb/blob/fe787cac2ddd874b44482a80306d9d6ae333143c/pom.xml#L137

HTHou avatar Dec 28 '23 10:12 HTHou

ratis-thirdparty-misc 在 1.3.1 版本里会更新到 1.0.5 版本

https://github.com/apache/iotdb/blob/209bb6999a1cf4a5efe2318787eeddf87b446790/pom.xml#L147

HTHou avatar Jan 03 '24 02:01 HTHou