Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-49250


Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue.


Published

2024-02-20T10:15:08.040

Last Modified

2025-03-18T17:37:50.467

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses
  • Type: Primary
    CWE-295

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application apache dolphinscheduler < 3.2.1 Yes

References