Lucene search
Veracode Vulnerability DatabaseVERACODE:38222HistoryNov 24, 2022 - 6:07 a.m.
OS Command Injection
2022-11-2406:07:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
os command injection
apache dolphinscheduler
scriptsender.java
EPSS
0.009
Percentile
82.7%
Apache DolphinScheduler Alert Plugin is vulnerable to os command injection attacks. The vulnerability exists in executeShellScript function of ScriptSender.java because the scripts are not validated before the alert script which allows an attacker to inject and execute arbitrary commands into the system.
References
www.openwall.com/lists/oss-security/2022/11/23/1
github.com/advisories/GHSA-wqg7-mx6p-2rw3
github.com/apache/dolphinscheduler/commit/69810a8a36060ae7e138fd7cdffdf2acc9eedd3b
github.com/apache/dolphinscheduler/pull/10744
github.com/apache/dolphinscheduler/pull/9834
lists.apache.org/thread/2f126y32bf1v3mvxkdgt2jr5j3l1t01w
Related
osv
osv
Command injection in Apache DolphinScheduler Alert Plugins
2022-11-23 09:30:24
CVE-2022-45462
2022-11-23 09:15:09
cvelist
cvelist
nvd
nvd
CVE-2022-45462
2022-11-23 09:15:09
github
github
Command injection in Apache DolphinScheduler Alert Plugins
2022-11-23 09:30:24
cve
cve
CVE-2022-45462
2022-11-23 09:15:09
cnvd
cnvd
Apache DolphinScheduler Command Injection Vulnerability
2022-11-25 00:00:00
prion
prion
Command injection
2022-11-23 09:15:00