CVE-2024-43202 Apache DolphinScheduler: Remote Code Execution Vulnerability

2024-08-2007:29:43

CWE-94

apache

github.com

apache dolphinscheduler

remote code execution

vulnerability

upgrade

AI Score

7.5

Confidence

High

EPSS

Percentile

16.4%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Exposure of Remote Code Execution in Apache Dolphinscheduler.

This issue affects Apache DolphinScheduler: before 3.2.2.

We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

CNA Affected

[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache DolphinScheduler",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0",
        "lessThan": "3.2.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:apache_software_foundation:apache_dolphinscheduler:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apache_software_foundation",
    "product": "apache_dolphinscheduler",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0",
        "lessThan": "3.2.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]