Apache · Apache InLong · CVE-2022-40955
**Name of the Vulnerable Software and Affected Versions**
Apache InLong versions prior to 1.3.0
**Description**
The issue is deserialization of untrusted data supplied through MySQL JDBC connection URL parameters, potentially leading to Remote Code Execution on the Apache InLong server. An attacker who has sufficient privileges to specify these parameters and can write arbitrary data to the MySQL database could exploit this issue.
**Recommendations**
For versions prior to 1.3.0, upgrade to Apache InLong 1.3.0 or newer. As a temporary workaround, consider restricting access to the MySQL database and limiting who is permitted to specify MySQL JDBC connection URL parameters until a patch is applied.
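One way to apply the workaround at the point where a user-supplied connection URL is accepted is to allow-list the connection properties instead of trying to enumerate dangerous ones. The following is an added example, not Apache InLong's code and not the project's fix. The class name `JdbcUrlGuard`, the method `rejectReason`, the contents of the allow-list and the sample URLs are all assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class JdbcUrlGuard {
    // Assumption: the only Connector/J properties this deployment needs.
    private static final Set<String> ALLOWED = Set.of(
        "usessl", "useunicode", "characterencoding",
        "servertimezone", "connecttimeout", "sockettimeout");

    // Plain host[:port]/database only, so properties cannot be supplied
    // through alternative host syntaxes; group 1 is the raw query string.
    private static final Pattern SHAPE = Pattern.compile(
        "^jdbc:mysql://[A-Za-z0-9.-]+(?::\\d{1,5})?/[A-Za-z0-9_]+(?:\\?(.*))?$");

    /** Returns null when the URL is acceptable, otherwise the reason for rejecting it. */
    static String rejectReason(String url) {
        Matcher m = (url == null) ? null : SHAPE.matcher(url);
        if (m == null || !m.matches()) return "not a plain jdbc:mysql://host[:port]/db URL";
        String query = m.group(1);
        if (query == null || query.isEmpty()) return null;
        // Deliberately strict: no percent-encoding, so a property name cannot be disguised.
        if (query.contains("%")) return "percent-encoding not accepted";
        Set<String> seen = new HashSet<>();
        for (String pair : query.split("&", -1)) {
            int eq = pair.indexOf('=');
            if (eq <= 0) return "malformed property: " + pair;
            String key = pair.substring(0, eq).toLowerCase(Locale.ROOT);
            if (!ALLOWED.contains(key)) return "property not allow-listed: " + key;
            if (!seen.add(key)) return "duplicate property: " + key;
        }
        return null;
    }

    public static void main(String[] args) {
        String[] samples = {   // constructed inputs
            "jdbc:mysql://db.internal:3306/inlong?useSSL=true&characterEncoding=UTF-8",
            "jdbc:mysql://db.internal:3306/inlong?useSSL=true&notOnTheList=1",
            "jdbc:mysql://db.internal:3306/inlong?use%53SL=true",
            "jdbc:mysql://(host=db.internal,port=3306)/inlong",
        };
        for (String s : samples) {
            String why = rejectReason(s);
            System.out.println((why == null ? "ACCEPT  " : "REJECT  ") + s
                + (why == null ? "" : "  [" + why + "]"));
        }
    }
}
```

A check like this narrows what a privileged user can put in the URL; it does not replace the upgrade to 1.3.0 or newer.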