Path traversal in Apache IoTDB (versions 1.0.0–1.3.5 and 2.0.0–2.0.5) lets remote unauthenticated attackers reference files outside the intended directory using crafted '../' sequences in a pathname, yielding high-impact disclosure and modification of files (C:H/I:H). With a CVSS 3.1 score of 9.1 and PR:N/UI:N, the flaw is exploitable over the network against affected instances with no credentials or user interaction. No public exploit code has been identified at time of analysis, and the issue is not listed in CISA KEV.
Path Traversal
Apache
Apache Iotdb
NVD
CVSS 3.1
9.1
EPSS
0.4%
Prev
Page 2 of 2