oss-sec mailing list archives

CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack


From: Lidong Dai <lidongdai () apache org>
Date: Wed, 03 Sep 2025 05:05:37 +0000

Severity: low 

Affected versions:

- Apache DolphinScheduler before 3.2.2

Description:

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script
on the server via the alert script.


This issue affects Apache DolphinScheduler: before 3.2.2.

Users are recommended to upgrade to version 3.3.1, which fixes the issue.

Credit:

L0ne1y (reporter)

References:

https://lists.apache.org/thread/lh42ktbbg87wrr6854rd7kho83wxc6f9
https://dolphinscheduler.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-43115

