Haonan Hou

**Name of the Vulnerable Software and Affected Versions** Apache IoTDB versions 0.13.0 through 0.13.4 **Description** The issue is related to the deserialization of untrusted data in Apache IoTDB. Users are advised to upgrade to a fixed version to resolve the issue. **Recommendations** For Apache IoTDB versions 0.13.0 through 0.13.4, upgrade to version 1.2.2, which fixes the issue.

**Name of the Vulnerable Software and Affected Versions** Apache IoTDB versions 0.12.2 through 0.12.6 Apache IoTDB versions 0.13.0 through 0.13.2 **Description** The issue is a Denial of Service attack that occurs when Apache IoTDB accepts untrusted patterns for REGEXP queries with Java 8. Users can avoid this issue by upgrading to version 0.13.3 or using a later version of Java. **Recommendations** For Apache IoTDB versions 0.12.2 through 0.12.6, upgrade to version 0.13.3 or use a later version of Java to avoid the Denial of Service attack. For Apache IoTDB versions 0.13.0 through 0.13.2, upgrade to version 0.13.3 or use a later version of Java to avoid the Denial of Service attack.

**Name of the Vulnerable Software and Affected Versions** Apache IoTDB version 0.13.0 **Description** The issue is related to a session id attack. Users should upgrade to version 0.13.1 to address this issue. **Recommendations** For Apache IoTDB version 0.13.0, upgrade to version 0.13.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache IoTDB grafana-connector version 0.13.0 **Description** The issue is related to an interface without authorization in the Apache IoTDB grafana-connector, which may expose the internal structure of a database. **Recommendations** For Apache IoTDB grafana-connector version 0.13.0, upgrade to version 0.13.1 to address the issue.