CVE-2022-45462

Improper Neutralization of Special Elements used in a Command ('Command Injection') in maven/org.apache.dolphinscheduler/dolphinscheduler-alert-plugins

Identifiers

GHSA-wqg7-mx6p-2rw3, CVE-2022-45462

Package Slug

maven/org.apache.dolphinscheduler/dolphinscheduler-alert-plugins

Vulnerability

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Description

Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher

Affected Versions

All versions before 2.0.6

Solution

Upgrade to version 2.0.6 or above.

Last Modified

2022-11-24

source