CVE-2024-24780

CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function

Vendor: Apache Software Foundation
Product: Apache IoTDB
Published: May 14, 2025
Last update: February 26, 2026

What the vulnerability does

Description

Remote code execution via an untrusted URI for a user-defined function (UDF) in Apache IoTDB. An attacker who has the privilege to create UDFs can register a malicious function from an untrusted URI. This issue affects Apache IoTDB from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.
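For deployments still being upgraded, the following is an added example (not code from Apache IoTDB or from this record) that reviews logged SQL statements for UDF registrations whose JAR URI falls outside an operator allowlist, and checks a version string against the affected range above. It assumes the registration form CREATE FUNCTION <name> AS '<class>' USING URI '<uri>'; the allowlist, host names and sample statements are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed statement form: CREATE FUNCTION <name> AS '<class>' USING URI '<uri>'
UDF_RE = re.compile(
    r"CREATE\s+FUNCTION\s+(\S+)\s+AS\s+(['\"])(.+?)\2\s+USING\s+URI\s+(['\"])(.+?)\4",
    re.IGNORECASE,
)
# Hypothetical allowlist of (scheme, host) pairs the operator trusts for UDF JARs.
TRUSTED_SOURCES = {("https", "artifacts.internal.example")}

def is_affected(version):
    """True for versions in the range the advisory gives: 1.0.0 <= v < 1.3.4."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return (1, 0, 0) <= tuple(int(x) for x in m.groups()) < (1, 3, 4)

def untrusted_udf(statement, trusted=TRUSTED_SOURCES):
    """Return (name, class, uri) when the statement registers a UDF from a URI
    outside the allowlist; return None for anything else."""
    m = UDF_RE.search(statement)
    if not m:
        return None
    name, cls, uri = m.group(1), m.group(3), m.group(5)
    try:
        parts = urlsplit(uri)
        host = (parts.hostname or "").lower()
    except ValueError:
        return (name, cls, uri)  # unparseable URI is never trusted
    # Compare the parsed host exactly: prefix or substring matching would accept
    # look-alike hosts and a trusted name placed in the userinfo part.
    if (parts.scheme.lower(), host) in trusted:
        return None
    return (name, cls, uri)

def audit(statements):
    """Collect findings for every untrusted UDF registration in the input."""
    return [f for f in map(untrusted_udf, statements) if f]

SAMPLE_STATEMENTS = [  # constructed for this example
    "CREATE FUNCTION counter AS 'org.example.udf.Counter' USING URI 'https://artifacts.internal.example/udf/counter.jar'",
    "create function agg as 'org.example.udf.Agg' using uri 'http://198.51.100.7/agg.jar'",
    "CREATE FUNCTION smooth AS 'org.example.udf.Smooth' USING URI 'https://artifacts.internal.example.cdn.example/smooth.jar'",
    "CREATE FUNCTION x AS 'org.example.udf.X' USING URI 'https://artifacts.internal.example@files.example/x.jar'",
    "SELECT counter(s1) FROM root.sg.d1",
]

if __name__ == "__main__":
    for name, cls, uri in audit(SAMPLE_STATEMENTS):
        print(f"untrusted UDF source: {name} ({cls}) <- {uri}")
```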

Key dates

Disclosure timeline

May 14, 2025: CVE published
February 26, 2026: Record updated