CVE-2024-43115: Apache DolphinScheduler vulnerable to Alert Script Attack

September 9, 2025 (updated September 10, 2025)

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script.

This issue affects Apache DolphinScheduler: before 3.2.2.

Users are recommended to upgrade to version 3.3.1, which fixes the issue.

References

github.com/advisories/GHSA-3vcp-r62v-xpvg
github.com/apache/dolphinscheduler
lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj
nvd.nist.gov/vuln/detail/CVE-2024-43115

Code Behaviors & Features

Detect and mitigate CVE-2024-43115 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →