{"id":"PYSEC-2023-4","details":"Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.","aliases":["CVE-2022-45875","GHSA-3xh5-8hvq-rc8x"],"modified":"2023-11-08T04:10:54.065001Z","published":"2023-01-04T15:15:00Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r"}],"affected":[{"package":{"name":"apache-dolphinscheduler","ecosystem":"PyPI","purl":"pkg:pypi/apache-dolphinscheduler"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.2"}]}],"versions":["0.1.0","0.1.1","2.0.5","2.0.5.1","2.0.7","3.0.0","3.0.0a0","3.0.0b1","3.0.0b2","3.0.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/apache-dolphinscheduler/PYSEC-2023-4.yaml"}}],"schema_version":"1.7.3"}