Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
DolphinScheduler 1.2.0, 1.2.1


This issue is related to the MySQL Connector/J remote code execution vulnerability
when MySQL is chosen as the database. For details, please refer to:
and we have fixed it in PR (

Mitigation: 1.2.0 and 1.2.1 users should upgrade to >=1.3.1

Example: An attacker can execute code remotely on the DolphinScheduler
server through JDBC connection parameter input.

Credit:  This issue was discovered by WuXiong of QI’ANXIN YunYing Lab.

Best Regards
DolphinScheduler(Incubator) PPMC
Lidong Dai
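
A server-side check for the input path named in the Example above, added here as an illustration; it is not DolphinScheduler's own code and not the fix in the referenced PR. User-supplied JDBC connection parameters are accepted only when they appear on an allowlist. The class name, the allowlist contents and the sample inputs are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class JdbcParamAllowlist {
    // Assumed allowlist: properties this deployment lets users set on a MySQL datasource.
    private static final Set<String> ALLOWED = Set.of(
            "useSSL", "useUnicode", "characterEncoding",
            "serverTimezone", "connectTimeout", "socketTimeout");
    // Values limited to a conservative character set, so no '&', '#', '%' or ';' can pass.
    private static final Pattern SAFE_VALUE = Pattern.compile("[A-Za-z0-9_./:+-]{1,64}");

    /** Validates "k1=v1&k2=v2" and returns a rebuilt query string, or throws. */
    static String sanitize(String userParams) {
        Map<String, String> accepted = new LinkedHashMap<>();
        if (userParams == null || userParams.isBlank()) {
            return "";
        }
        for (String pair : userParams.split("&")) {
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            // Exact match only: unknown, re-cased or percent-encoded keys are all rejected.
            if (!ALLOWED.contains(key)) {
                throw new IllegalArgumentException("JDBC parameter not allowed: " + key);
            }
            if (!SAFE_VALUE.matcher(value).matches()) {
                throw new IllegalArgumentException("unsafe value for " + key);
            }
            if (accepted.putIfAbsent(key, value) != null) {
                throw new IllegalArgumentException("duplicate JDBC parameter: " + key);
            }
        }
        return accepted.entrySet().stream()
                .map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("&"));
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        System.out.println(sanitize("useSSL=true&characterEncoding=UTF-8"));
        try {
            sanitize("useSSL=true&autoDeserialize=true");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Building the connection URL from the returned string, rather than from the raw input, keeps anything that was not validated out of the driver.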
