Vulnerabilities > Apache > Dolphinscheduler > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-01-04 CVE-2022-45875 Improper Input Validation vulnerability in Apache Dolphinscheduler
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability.
network
low complexity
apache CWE-20
critical
 9.8
9.8
2022-11-23 CVE-2022-45462 Command Injection vulnerability in Apache Dolphinscheduler
Alarm instance management has command injection when there is a specific command configured.
network
low complexity
apache CWE-77
critical
 9.8
9.8
2020-12-18 CVE-2020-11974 Unspecified vulnerability in Apache Dolphinscheduler 1.2.0/1.2.1
In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.
network
low complexity
apache
critical
 9.8
9.8