Remote Code Execution Vulnerability Affects Apache DolphinScheduler
CVE-2023-49109

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 20 February 2024

Summary

Exposure of Remote Code Execution in Apache Dolphinscheduler.

This issue affects Apache DolphinScheduler: before 3.2.1.

We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

Affected Version(s)

Apache DolphinScheduler 3.0.0 < 3.2.1

References

https://github.com/apache/dolphinscheduler/pull/14991

https://lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wm...

vendor-advisory

https://lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4r...

vendor-advisory

Timeline

Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Nov 22, 2023

Credit

Y4tacker and 4ra1n from Y4secTeam

.