QwikSec

Security Database

CVE

CWE

Training

CVE-2020-11974

Published: Dec 18, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.

Vendor	Product	Versions
n/a	Apache DolphinScheduler(Incubating)	affected `Apache DolphinScheduler(Incubating) 1.2.0 and 1.2.1`

References

https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E

[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] sonarcloud[bot] commented on pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security

mailing-list

[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] CalvinKirs opened a new pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security

mailing-list

[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] sonarcloud[bot] removed a comment on pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security

mailing-list

[dolphinscheduler-commits] 20210316 [GitHub] [incubator-dolphinscheduler] CalvinKirs opened a new pull request #5063: [1.3.6-prepare][#4851]fix MySQL datasource jdbc connect parameters #4851

mailing-list

[oss-security] 20240409 CVE-2024-31864: Apache Zeppelin: Remote code execution by adding malicious JDBC connection string

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.