Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe

Filtered by product Dolphinscheduler

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-45875	1 Apache	1 Dolphinscheduler	2023-11-22	N/A	9.8 CRITICAL
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.
CVE-2020-11974	1 Apache	1 Dolphinscheduler	2021-03-22	7.5 HIGH	9.8 CRITICAL
In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.