Primary

Context

Apache DolphinScheduler Improper Input Validation Vulnerability Allowing Shell Script Execution

Vulnerability

Patched

A vulnerability allowing improper input validation has been identified in Apache DolphinScheduler versions prior to 3.2.2. This issue enables an authenticated user to execute any shell script on the server by using the alert script feature.

Impact

Exploitation of this vulnerability allows for arbitrary shell script execution on the server.

Remediation

Users are advised to upgrade to Apache DolphinScheduler version 3.3.1 or later, which addresses this vulnerability.

Added: Sep 3, 2025, 9:26 AM

Updated: Sep 3, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache DolphinScheduler Improper Input Validation Vulnerability Allowing Shell Script Execution

Vulnerability

Impact

Remediation

Affected Products

Apache DolphinScheduler

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating