Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-3vcp-r62v-xpvg

Опубликовано: 09 сент. 2025
Источник: github
Github: Прошло ревью
CVSS3: 8.8

Описание

Apache DolphinScheduler vulnerable to Alert Script Attack

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script.

This issue affects Apache DolphinScheduler: before 3.2.2.

Users are recommended to upgrade to version 3.3.1, which fixes the issue.

Ссылки

Пакеты

Наименование

org.apache.dolphinscheduler:dolphinscheduler

maven
Затронутые версииВерсия исправления

< 3.2.2

3.2.2

EPSS

Процентиль: 25%
0.00086
Низкий

8.8 High

CVSS3

CVE ID

CVE-2024-43115

Дефекты

CWE-20

Связанные уязвимости

nvd логотип

CVE-2024-43115

CVSS3: 8.8
nvd
5 месяцев назад

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

EPSS

Процентиль: 25%
0.00086
Низкий

8.8 High

CVSS3

CVE ID

CVE-2024-43115

Дефекты

CWE-20