CVE-2022-45875: Improper Input Validation

January 4, 2023 (updated November 22, 2023)

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.

References

github.com/advisories/GHSA-3xh5-8hvq-rc8x
lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r
nvd.nist.gov/vuln/detail/CVE-2022-45875

Detect and mitigate CVE-2022-45875 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →