CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: Low
org.apache.dolphinscheduler:dolphinscheduler-task-api is vulnerable to Remote Code Execution. The vulnerability is due to insufficient validation of user input within the HttpTaskDefinitionParser.java file, allowing attackers to execute arbitrary code on the affected system.
github.com/advisories/GHSA-2fm6-mv57-p2qh
github.com/apache/dolphinscheduler/commit/dc306bfa1d3ed72eb7b72b177e33a46042d2a9c3
github.com/apache/dolphinscheduler/pull/15758
lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5
lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh
www.cve.org/CVERecord?id=CVE-2023-49109