
exploitDog


GHSA-37gx-jqx9-fwmg

Published: 20 Feb 2024
Source: github
Github: Reviewed
CVSS3: 7.3

Description

Improper Certificate Validation in Apache DolphinScheduler

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.

This issue affects Apache DolphinScheduler: before 3.2.1.

Users are recommended to upgrade to version 3.2.1, which fixes the issue.

Packages

Name: org.apache.dolphinscheduler:dolphinscheduler
Ecosystem: maven
Affected versions: < 3.2.1
Fixed version: 3.2.1

EPSS

Percentile: 38%
0.0017
Low

7.3 High

CVSS3

Weaknesses

CWE-295

Related vulnerabilities

CVSS3: 7.3
nvd
almost 2 years ago

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
