CVE-2024-43202

Published: Aug 20, 2024Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

Affected (1)

Products: Apache: Dolphinscheduler

Apache

1 product

Dolphinscheduler

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Dolphinscheduler	From 3.0.0 to 3.2.2

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (5)

https://github.com/apache/dolphinscheduler/pull/15758

Source: security@apache.org

Issue TrackingPatch

https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5

Source: security@apache.org

Vendor Advisory

https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh

Source: security@apache.org

Vendor Advisory

https://www.cve.org/CVERecord?id=CVE-2023-49109

Source: security@apache.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2024/08/20/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.