CVE-2023-51770 — Arbitrary File Read Vulnerability in Apache Dolphinscheduler

Description

Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

How to fix CVE-2023-51770

To remediate CVE-2023-51770, upgrade the affected package to a fixed version below.

Maven/org.apache.dolphinscheduler:dolphinscheduler—upgrade to 3.2.1 or later

Is CVE-2023-51770 being exploited?

Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.2.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-51770
PATCHgithub.com/apache/dolphinscheduler
WEBgithub.com/apache/dolphinscheduler/pull/15433
WEBlists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g
WEB