dolphinscheduler-alert-script is vulnerable to remote code execution. The library does not properly validate the script alert plugin parameter, allowing an attacker to inject and execute malicious script alerts.
www.openwall.com/lists/oss-security/2023/11/22/2
github.com/advisories/GHSA-3xh5-8hvq-rc8x
github.com/apache/dolphinscheduler/commit/82b1fc9c13362da7ffa0e9f1af12f84bc54425dc
github.com/apache/dolphinscheduler/commit/a30f2ae8dfdf9b6c0af2405d1686d71eb7048a15
github.com/apache/dolphinscheduler/issues/12439
github.com/apache/dolphinscheduler/pull/12495
github.com/apache/dolphinscheduler/pull/12895
lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r