Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 22 Nov 2023 04:31:28 +0000
From: Wenjun Ruan <>
Subject: CVE-2022-45875: Apache DolphinScheduler: Remote command execution
 Vulnerability in script alert plugin 

Severity: low

Affected versions:

- Apache DolphinScheduler 3.0 through 3.0.1
- Apache DolphinScheduler 3.1 through 3.1.0


Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability.  This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.
This attack can be performed only by authenticated users which can login to DS.


4ra1n of Chaitin Tech (finder)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.