{"id":"PYSEC-2022-42972","details":"Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it.","aliases":["CVE-2022-43766","GHSA-g6hg-4v3c-6jq7"],"modified":"2023-11-08T04:10:46.722728Z","published":"2022-10-26T16:15:00Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn"}],"affected":[{"package":{"name":"apache-iotdb","ecosystem":"PyPI","purl":"pkg:pypi/apache-iotdb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.13.0"},{"fixed":"0.14.0rc1"},{"introduced":"0.12.2"},{"fixed":"0.13.0"}]}],"versions":["0.12.2","0.12.3","0.12.4","0.12.5","0.12.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2022-42972.yaml"}}],"schema_version":"1.7.3"}