CVE-2023-49250
published 2024-02-20CVE-2023-49250: Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could…
high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.
This issue affects Apache DolphinScheduler: before 3.2.0.
Users are recommended to upgrade to version 3.2.1, which fixes the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | dolphinscheduler | < 3.2.1 | 3.2.1 |
| apache_software_foundation | apache_dolphinscheduler | <= 3.2.0 | — |