{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-11974","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","dateUpdated":"2024-08-04T11:48:57.494Z","dateReserved":"2020-04-21T00:00:00.000Z","datePublished":"2020-12-18T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2024-05-01T18:11:49.275Z"},"descriptions":[{"lang":"en","value":"In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database."}],"affected":[{"vendor":"n/a","product":"Apache DolphinScheduler(Incubating)","versions":[{"version":"Apache DolphinScheduler(Incubating) 1.2.0 and 1.2.1","status":"affected"}]}],"references":[{"url":"https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E"},{"name":"[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] sonarcloud[bot] commented on pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"name":"[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] CalvinKirs opened a new pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"name":"[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] sonarcloud[bot] removed a comment on pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"name":"[dolphinscheduler-commits] 20210316 [GitHub] [incubator-dolphinscheduler] CalvinKirs opened a new pull request #5063: [1.3.6-prepare][#4851]fix MySQL datasource jdbc connect parameters #4851","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"name":"[oss-security] 20240409 CVE-2024-31864: Apache Zeppelin: Remote code execution by adding malicious JDBC connection string","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2024/04/09/8"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Remote Code execution vulnerability"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T11:48:57.494Z"},"title":"CVE Program Container","references":[{"url":"https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E","tags":["x_transferred"]},{"name":"[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] sonarcloud[bot] commented on pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"name":"[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] CalvinKirs opened a new pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"name":"[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] sonarcloud[bot] removed a comment on pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"name":"[dolphinscheduler-commits] 20210316 [GitHub] [incubator-dolphinscheduler] CalvinKirs opened a new pull request #5063: [1.3.6-prepare][#4851]fix MySQL datasource jdbc connect parameters #4851","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"name":"[oss-security] 20240409 CVE-2024-31864: Apache Zeppelin: Remote code execution by adding malicious JDBC connection string","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/04/09/8"}]}]}}