exploitDog

CVE-2024-43202

Опубликовано: 20 авг. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Exposure of Remote Code Execution in Apache Dolphinscheduler.

This issue affects Apache DolphinScheduler: before 3.2.2.

We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

Ссылки

https://github.com/apache/dolphinscheduler/pull/15758
Issue Tracking
Patch
https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5
Vendor Advisory
https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh
Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2023-49109
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/08/20/2
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.2.2 (исключая)

EPSS

Процентиль: 89%

0.04412

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-2fm6-mv57-p2qh

CVSS3: 9.8

github

больше 1 года назад

Apache Dolphinscheduler Code Injection vulnerability

EPSS

Процентиль: 89%

0.04412

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94