CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

CWE 1 Total

Learn more

CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

Product Status

Learn more

Versions 1 Total

Default Status: unaffected

affected

Credits

an4er reporter

References 4 Total

https://github.com/apache/dolphinscheduler/pull/15758
external site
patch
https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5
external site
vendor-advisory
https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh
external site
vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2023-49109
external site
related

Updated: 2024-08-20

This container includes required additional information provided by the CVE Program for this vulnerability.

References 1 Total

http://www.openwall.com/lists/oss-security/2024/08/20/2
external site

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Apache Software Foundation

Description

CWE 1 Total

Product Status

Credits

References 4 Total

CVE Program

References 1 Total

Authorized Data Publishers

CISA-ADP