VYPR
High severityNVD Advisory· Published Feb 20, 2024· Updated Feb 13, 2025

Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil

CVE-2023-49250

Description

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.

This issue affects Apache DolphinScheduler: before 3.2.0.

Users are recommended to upgrade to version 3.2.1, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.dolphinscheduler:dolphinschedulerMaven
< 3.2.13.2.1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.