GHSA-wqg7-mx6p-2rw3

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-wqg7-mx6p-2rw3/GHSA-wqg7-mx6p-2rw3.json
Aliases
  • CVE-2022-45462
Published
2022-11-23T09:30:24Z
Modified
2022-11-23T22:37:26.156611Z
Details

Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher

References

Affected packages

Maven / org.apache.dolphinscheduler:dolphinscheduler-alert-plugins

org.apache.dolphinscheduler:dolphinscheduler-alert-plugins

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
2.0.6

Affected versions

2.*

2.0.1
2.0.2
2.0.3
2.0.4
2.0.5