CVE-2024-43202

CRITICAL

Apache DolphinScheduler <3.2.2 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-43202. PoCs published by ive57.

AI-analyzed exploit summary This repository contains a Dockerized static analysis tool (YASA) configured to detect CVE-2024-43202 in Java code. It scans for taint flow vulnerabilities in a specific file related to Apache DolphinScheduler but does not include exploit code.

Description

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

Exploits (1)

nomisec SCANNER
by ive57 · poc
https://github.com/ive57/yasa-cve-2024-43202

This repository contains a Dockerized static analysis tool (YASA) configured to detect CVE-2024-43202 in Java code. It scans for taint flow vulnerabilities in a specific file related to Apache DolphinScheduler but does not include exploit code.

Classification
Scanner 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Apache DolphinScheduler (specific version not specified)
No auth needed
Prerequisites: Access to the target codebase · Docker environment
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.0766
EPSS Percentile 92.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-94
Status published
Products (2)
apache/dolphinscheduler 3.0.0 - 3.2.2
org.apache.dolphinscheduler/dolphinscheduler-task-api 0 - 3.2.2Maven
Published Aug 20, 2024
Tracked Since Feb 18, 2026