CVE-2024-43115

CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack

Vendor Apache Software Foundation

Product Apache DolphinScheduler

Weakness CWE-20 · Input validation

Published September 3, 2025

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

Key dates

Disclosure timeline

September 3, 2025 CVE published

November 4, 2025 Record updated