Lucene search

[email protected]NVD:CVE-2023-49109

HistoryFeb 20, 2024 - 10:15 a.m.

CVE-2023-49109

2024-02-2010:15:07

CWE-94

[email protected]

web.nvd.nist.gov

remote code execution

apache dolphinscheduler

upgrade

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

15.5%

JSON

Exposure of Remote Code Execution in Apache Dolphinscheduler.

This issue affects Apache DolphinScheduler: before 3.2.1.

We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

References

www.openwall.com/lists/oss-security/2024/02/20/4

github.com/apache/dolphinscheduler/pull/14991

lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8

lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wmlspk0m5

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for NVD:CVE-2023-49109

cvelist1 osv4 github1 cnvd1 veracode1 cve1 prion1 vulnrichment1