Apache · Apache IoTDB · CVE-2024-24780
Name of the Vulnerable Software and Affected Versions:
Apache IoTDB versions 1.0.0 through 1.3.3
Description:
This is a remote code execution vulnerability in Apache IoTDB caused by loading a user-defined function (UDF) from an untrusted URI. An attacker who holds the privilege to create UDFs can register a malicious function from an untrusted URI, and the code in that function is then executed by the database.
Recommendations:
For Apache IoTDB versions 1.0.0 through 1.3.3, upgrade to version 1.3.4, which fixes the issue. As a temporary workaround, consider restricting the creation of UDFs to trusted sources until the upgrade is applied.
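One way to act on the workaround while the upgrade is pending is to audit UDF registration statements and flag any whose jar is fetched from a source outside an internal allowlist. The script below is an added example written for this page; it is not code from the advisory or from the Apache IoTDB project. It assumes the IoTDB 1.x statement form `CREATE FUNCTION <name> AS '<class>' USING URI '<uri>'` (treated here as an assumption and matched with a simplified regex), a hypothetical allowlist host `artifacts.internal.example`, and a handful of constructed sample statements. The policy it enforces (HTTPS only, no embedded credentials, allowlisted host, `.jar` path) is one reasonable definition of "trusted source"; adjust it to your own artifact repository.

```python
"""Audit IoTDB CREATE FUNCTION statements for UDF jars fetched from untrusted URIs."""
import re
from urllib.parse import urlsplit

# Hypothetical allowlist of internal artifact hosts from which UDF jars may be loaded.
TRUSTED_HOSTS = frozenset({"artifacts.internal.example"})

# Matches: CREATE FUNCTION <name> AS '<class>' [USING URI '<uri>']
# (assumed IoTDB 1.x syntax; the regex is a simplification for this example).
CREATE_FUNCTION_RE = re.compile(
    r"CREATE\s+FUNCTION\s+(?P<name>\S+)\s+AS\s+'(?P<cls>[^']+)'"
    r"(?:\s+USING\s+URI\s+'(?P<uri>[^']+)')?",
    re.IGNORECASE,
)


def is_trusted_uri(uri: str, trusted_hosts=TRUSTED_HOSTS) -> bool:
    """Return True only if the URI points at an allowlisted HTTPS jar with no userinfo."""
    parts = urlsplit(uri)
    if parts.scheme.lower() != "https":          # rejects http://, file://, ftp://, ...
        return False
    if parts.username is not None or parts.password is not None:
        return False                             # credentials in the URI are a red flag
    host = parts.hostname
    if host is None or host.lower() not in trusted_hosts:
        return False
    if not parts.path.lower().endswith(".jar"):
        return False
    return True


def classify_statement(stmt: str):
    """Return (function name, uri or None, verdict) for a CREATE FUNCTION statement, else None."""
    m = CREATE_FUNCTION_RE.search(stmt)
    if not m:
        return None
    uri = m.group("uri")
    if uri is None:
        verdict = "local"        # jar comes from the server's own UDF library directory
    elif is_trusted_uri(uri):
        verdict = "trusted"
    else:
        verdict = "UNTRUSTED"    # what the CVE-2024-24780 workaround asks you to block
    return (m.group("name"), uri, verdict)


def audit(statements):
    """Run classify_statement over a sequence of SQL statements and keep the UDF registrations."""
    findings = []
    for line in statements:
        result = classify_statement(line)
        if result is not None:
            findings.append(result)
    return findings


# Constructed sample statements (not real log data).
SAMPLE_STATEMENTS = [
    "CREATE FUNCTION avg_temp AS 'com.example.udf.AvgTemp' "
    "USING URI 'https://artifacts.internal.example/udf/avg-temp-1.0.jar'",
    "CREATE FUNCTION calc AS 'com.example.udf.Calc' USING URI 'http://203.0.113.9/calc.jar'",
    "create function helper as 'com.example.udf.Helper' "
    "using uri 'https://user:pw@artifacts.internal.example/helper.jar'",
    "CREATE FUNCTION local_fn AS 'com.example.udf.LocalFn'",
    "SELECT avg_temp(temperature) FROM root.sg1.d1",
]

if __name__ == "__main__":
    for name, uri, verdict in audit(SAMPLE_STATEMENTS):
        print(f"{verdict:10} {name:12} {uri}")
```

Run it against a dump of executed DDL (an audit log, a statement history, or the statements a change-management pipeline is about to apply); any `UNTRUSTED` line is a UDF registration that should be blocked or investigated until the instance is on 1.3.4.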