CVE-2022-45875: Apache DolphinScheduler vulnerable to Improper Input Validation

January 4, 2023 (updated February 13, 2025)

Apache DolphinScheduler improperly validates script alert plugin parameters and is vulnerable to remote command execution. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. Users should upgrade to version 3.0.2 or 3.1.1.

References

github.com/advisories/GHSA-3xh5-8hvq-rc8x
github.com/apache/dolphinscheduler
github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2023-4.yaml
lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r
nvd.nist.gov/vuln/detail/CVE-2022-45875

Detect and mitigate CVE-2022-45875 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →