Apache: >> Dolphinscheduler >> 2.0.6 Security Vulnerabilities
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.
This attack can be performed only by authenticated users which can login to DS.
CVSS Score
9.8
EPSS Score
0.031
Published
2023-01-04
When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher
CVSS Score
6.5
EPSS Score
0.002
Published
2022-11-01
Page 2