Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
2024-02-20T10:15:08.040
2025-03-18T17:37:50.467
Analyzed
CVSSv3.1: 7.3 (HIGH)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | apache | dolphinscheduler | < 3.2.1 | Yes |