VYPR
Critical severityNVD Advisory· Published Jan 4, 2023· Updated Apr 3, 2025

Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin

CVE-2022-45875

Description

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.dolphinscheduler:dolphinschedulerMaven
< 3.0.23.0.2
org.apache.dolphinscheduler:dolphinschedulerMaven
>= 3.1.0, < 3.1.13.1.1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.