{"schema_version": "1.6.1", "id": "CVE-2022-45875", "summary": "Remote command execution Vulnerability in script alert plugin", "details": "Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability.  This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.\nThis attack can be performed only by authenticated users which can login to DS.\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "3.0"}, {"last_affected": "3.0"}]}, {"type": "SEMVER", "events": [{"introduced": "3.1"}, {"last_affected": "3.1"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r"}]}