You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@dolphinscheduler.apache.org by Jiajie Zhong <zh...@apache.org> on 2022/11/01 14:32:09 UTC

CVE-2022-34662: Apache DolphinScheduler prior to 3.0.0 allows path traversal

Severity: moderate

Description:

When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher

Credit:

This issue was discovered by Jigang Dong of M1QLin Security Team