Exploitation Summary
EIP tracks 1 public exploit for CVE-2023-49109. PoCs published by shoucheng3.
AI-analyzed exploit summary The repository contains only configuration files (e.g., .asf.yaml, GitHub issue templates) and no exploit code or technical analysis related to CVE-2023-49109.
Description
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
Exploits (1)
nomisec
STUB
by shoucheng3 · poc
https://github.com/shoucheng3/apache__dolphinscheduler_CVE-2023-49109_3-2-0
The repository contains only configuration files (e.g., .asf.yaml, GitHub issue templates) and no exploit code or technical analysis related to CVE-2023-49109.
Classification
Stub 95%
Attack Type
Other
Complexity
N/a
Reliability
N/a
Target:
Apache DolphinScheduler
No auth needed
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (4)
Core 4
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/02/20/4
Issue Tracking, Patch patch
https://github.com/apache/dolphinscheduler/pull/14991
Vendor Advisory vendor-advisory
https://lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wmlspk0m5
Vendor Advisory vendor-advisory
https://lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8
Scores
CVSS v3
9.8
EPSS
0.0712
EPSS Percentile
91.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (2)
apache/dolphinscheduler
3.0.0 - 3.2.1
org.apache.dolphinscheduler/dolphinscheduler
3.0.0 - 3.2.1Maven
Published
Feb 20, 2024
Tracked Since
Feb 18, 2026