Lucene search

GoogleOSV:CVE-2024-43202

HistoryAug 20, 2024 - 8:15 a.m.

CVE-2024-43202

2024-08-2008:15:05

Google

osv.dev

remote code execution

apache dolphinscheduler

cve-2024-43202

upgrade

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

JSON

Exposure of Remote Code Execution in Apache Dolphinscheduler.

This issue affects Apache DolphinScheduler: before 3.2.2.

We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

References

github.com/apache/dolphinscheduler/pull/15758

lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5

lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh

www.cve.org/CVERecord?id=CVE-2023-49109

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

JSON

Related for OSV:CVE-2024-43202