You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Jiajie Zhong <zh...@apache.org> on 2022/11/23 02:19:51 UTC

CVE-2022-45462: Apache DolphinScheduler prior to 2.0.5 have command execution vulnerability

Severity: moderate

Description:

Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher

Credit:

This issue was discovered by Jigang Dong of M1QLin Security Team