CVE-2023-49109 – org.apache.dolphinscheduler:dolphinscheduler

Package

Manager: maven
Name: org.apache.dolphinscheduler:dolphinscheduler
Vulnerable Version: >=3.0.0 <3.2.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.03232 pctl0.86583

Details

Remote Code Execution in Apache Dolphinscheduler This issue affects Apache DolphinScheduler 3.0.0 before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

Metadata

Created: 2024-02-20T12:30:58Z
Modified: 2024-08-27T14:10:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-qwxx-xww6-8q8m/GHSA-qwxx-xww6-8q8m.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-qwxx-xww6-8q8m
Finding: F422
Auto approve: 1