Lucene search
Veracode Vulnerability DatabaseVERACODE:38796HistoryJan 08, 2023 - 5:31 a.m.
Remote Code Execution (RCE)
2023-01-0805:31:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
dolphinscheduler
remote code execution
vulnerability
improper validation
malicious script alerts
EPSS
0.003
Percentile
65.6%
dolphinscheduler-alert-script is vulnerable to Remote Code Execution. The vulnerability exists due to the improper validation of the script alert plugin parameter in the library, allowing an attacker to inject and execute malicious script alerts.
References
www.openwall.com/lists/oss-security/2023/11/22/2
github.com/advisories/GHSA-3xh5-8hvq-rc8x
github.com/apache/dolphinscheduler/commit/82b1fc9c13362da7ffa0e9f1af12f84bc54425dc
github.com/apache/dolphinscheduler/commit/a30f2ae8dfdf9b6c0af2405d1686d71eb7048a15
github.com/apache/dolphinscheduler/issues/12439
github.com/apache/dolphinscheduler/pull/12495
github.com/apache/dolphinscheduler/pull/12895
lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r
Related
osv
osv
CVE-2022-45875
2023-01-04 15:15:09
Apache DolphinScheduler vulnerable to Improper Input Validation
2023-01-04 15:30:19
PYSEC-2023-4
2023-01-04 15:15:00
nvd
nvd
CVE-2022-45875
2023-01-04 15:15:09
cvelist
cvelist
cve
cve
CVE-2022-45875
2023-01-04 15:15:09
cnvd
cnvd
Apache DolphinScheduler Input Validation Error Vulnerability
2023-01-09 00:00:00
github
github
Apache DolphinScheduler vulnerable to Improper Input Validation
2023-01-04 15:30:19
prion
prion
Design/Logic Flaw
2023-01-04 15:15:00