Lucene search

GitHub Advisory DatabaseGHSA-2FM6-MV57-P2QH

HistoryAug 20, 2024 - 9:30 a.m.

Apache Dolphinscheduler Code Injection vulnerability

2024-08-2009:30:28

CWE-94

GitHub Advisory Database

github.com

apache dolphinscheduler

code injection

remote code execution

upgrade vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

16.4%

JSON

Exposure of Remote Code Execution in Apache Dolphinscheduler.

This issue affects Apache DolphinScheduler: before 3.2.2.

We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

Affected configurations

Vulners

Node

org.apache.dolphinschedulerdolphinscheduler-task-apiRange<3.2.2

VendorProductVersionCPE
org.apache.dolphinschedulerdolphinscheduler-task-api*cpe:2.3:a:org.apache.dolphinscheduler:dolphinscheduler-task-api:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.dolphinscheduler	dolphinscheduler-task-api	*	cpe:2.3:a:org.apache.dolphinscheduler:dolphinscheduler-task-api::::::::

References

github.com/advisories/GHSA-2fm6-mv57-p2qh

github.com/apache/dolphinscheduler/commit/dc306bfa1d3ed72eb7b72b177e33a46042d2a9c3

github.com/apache/dolphinscheduler/pull/15758

lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5

lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh

nvd.nist.gov/vuln/detail/CVE-2024-43202

www.cve.org/CVERecord?id=CVE-2023-49109

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

16.4%

JSON

Related for GHSA-2FM6-MV57-P2QH