CVE-2023-25601

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-25601

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25601.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-25601

Aliases

GHSA-3jxw-cv35-2mmv

Withdrawn

2024-09-03T04:41:24.225748Z

Published

2023-04-20T16:15:07Z

Modified

2024-09-02T20:55:33Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value python-gateway.enabled=false in configuration file application.yaml. If you are using the python gateway, please upgrade to version 3.1.2 or above.

References

Affected packages

Git / github.com/apache/incubator-dolphinscheduler

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-dolphinscheduler
Events: Introduced

9efd1ace788998a44a4a7f25d7fd1d22a31d1e44

Fixed

f1aefae5e25daa5beef08accd8fbd26c32fb6b47