by @mhzcyber
14 Apr 2023

CVE-2022-45875: Apache DolphinScheduler vulnerable to Improper Input Validation leads to RCE


CVEs

9.8 Critical Severity

Apps

*.*
3.1.7.*
3.1.8.*
3.1.6.*
3.1.5.*
3.1.9.*
3.0.5.*
3.0.6.*
1.3.9.*
3.1.4.*


Summary

In this analysis, we break down CVE-2022-45875: we look at how the command injection happened, go through the patch diff to understand how the issue was fixed, and finally try to bypass the patch 😬
