CVE-2024-43115 — Apache DolphinScheduler vulnerable to Alert Script Attack

Description

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

How to fix CVE-2024-43115

To remediate CVE-2024-43115, upgrade the affected package to a fixed version below.

—upgrade to 3.2.2 or later

Is CVE-2024-43115 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.2.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-43115
PATCHgithub.com/apache/dolphinscheduler
WEBlists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj
WEBwww.openwall.com/lists/oss-security/2025/09/03/1