Summary
A vulnerability with a severity of “high”, already fixed by the vendor, has been detected in Apache DolphinScheduler, a well-known data orchestration platform developed by the Apache Software Foundation.
Risk
Estimate of the impact of the vulnerability on the reference community: MEDIUM/YELLOW (64.87/100) [1].
Type
Remote Code Execution
Affected products and/or versions
Apache DolphinScheduler, versions prior to 3.2.2
Mitigation actions
In line with the vendor’s statements, it is recommended to apply the mitigation actions by following the instructions in the security bulletin listed in the References section.
Unique Vulnerability Identifiers
References
https://seclists.org/oss-sec/2024/q3/221
https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh
[1] This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.