Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/667367?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/667367?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.3", "type": "maven", "namespace": "org.apache.dolphinscheduler", "name": "dolphinscheduler", "version": "3.1.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.4.1", "latest_non_vulnerable_version": "3.4.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102304?format=api", "vulnerability_id": "VCID-2n8r-zeeq-jfcu", "summary": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler.\n\nThis vulnerability may allow unauthorized actors to access sensitive information, including database credentials.\n\n\nThis issue affects Apache DolphinScheduler versions 3.1.*.\n\n\nUsers are recommended to upgrade to:\n\n\n\n\n\n\n\n * version ≥ 3.2.0 if using 3.1.x\n\n\n\n\n\n\nAs a temporary workaround, users who cannot upgrade immediately may restrict the exposed management endpoints by setting the following environment variable:\n\n\n```\nMANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus\n```\n\nAlternatively, add the following configuration to the application.yaml file:\n\n\n```\nmanagement:\n endpoints:\n web:\n exposure:\n include: health,metrics,prometheus\n```\n\nThis issue has been reported as CVE-2023-48796:\n\n https://cveprocess.apache.org/cve5/CVE-2023-48796", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08177", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08171", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08173", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0814", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62188" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/releases/tag/3.0.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/releases/tag/3.0.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62188", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62188" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2023-48796", "reference_id": "CVERecord?id=CVE-2023-48796", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:57:14Z/" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2023-48796" }, { "reference_url": "https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo", "reference_id": "ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:57:14Z/" } ], "url": "https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo" }, { "reference_url": "https://github.com/advisories/GHSA-3cjc-vhfm-ffp2", "reference_id": "GHSA-3cjc-vhfm-ffp2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3cjc-vhfm-ffp2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374135?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-79gt-bpru-tyhf" }, { "vulnerability": "VCID-9q4r-z1tz-q7b8" }, { "vulnerability": "VCID-a2gv-s3b1-23ed" }, { "vulnerability": "VCID-c5cd-ujks-b7dr" }, { "vulnerability": "VCID-kkj3-3m9g-v7eu" }, { "vulnerability": "VCID-kznh-5jy7-zbdp" }, { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-mqvn-n1us-hyds" }, { "vulnerability": "VCID-quhn-8q8z-6keg" }, { "vulnerability": "VCID-x5a8-m3jz-tkc4" }, { "vulnerability": "VCID-xs15-qsyz-gbgk" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.0" } ], "aliases": [ "CVE-2025-62188", "GHSA-3cjc-vhfm-ffp2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2n8r-zeeq-jfcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146623?format=api", "vulnerability_id": "VCID-79gt-bpru-tyhf", "summary": "Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77941", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77947", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77934", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77865", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50270" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/20/3" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15219", "reference_id": "15219", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15219" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/02/20/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/02/20/3" }, { "reference_url": "https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6", "reference_id": "94prw8hyk60vvw7s6cs3tr708qzqlwl6", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/" } ], "url": "https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50270", "reference_id": "CVE-2023-50270", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50270" }, { "reference_url": "https://github.com/advisories/GHSA-vjqc-g788-f378", "reference_id": "GHSA-vjqc-g788-f378", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vjqc-g788-f378" }, { "reference_url": "https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r", "reference_id": "lmnf21obyos920dnvbfpwq29c1sd2r9r", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/" } ], "url": "https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29143?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a2gv-s3b1-23ed" }, { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-mqvn-n1us-hyds" }, { "vulnerability": "VCID-x5a8-m3jz-tkc4" }, { "vulnerability": "VCID-xs15-qsyz-gbgk" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2023-50270", "GHSA-vjqc-g788-f378" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-79gt-bpru-tyhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/130814?format=api", "vulnerability_id": "VCID-9q4r-z1tz-q7b8", "summary": "Arbitrary File Read Vulnerability in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01343", "scoring_system": "epss", "scoring_elements": "0.80515", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01343", "scoring_system": "epss", "scoring_elements": "0.80523", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01343", "scoring_system": "epss", "scoring_elements": "0.80512", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01343", "scoring_system": "epss", "scoring_elements": "0.8045", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51770" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15433", "reference_id": "15433", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15433" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/20/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/20/2" }, { "reference_url": "https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g", "reference_id": "4t8bdjqnfhldh73gy9p0whlgvnnbtn7g", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/" } ], "url": "https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51770", "reference_id": "CVE-2023-51770", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51770" }, { "reference_url": "https://github.com/advisories/GHSA-ff2w-wm48-jhqj", "reference_id": "GHSA-ff2w-wm48-jhqj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ff2w-wm48-jhqj" }, { "reference_url": "https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw", "reference_id": "gpks573kn00ofxn7n9gkg6o47d03p5rw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/" } ], "url": "https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29143?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a2gv-s3b1-23ed" }, { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-mqvn-n1us-hyds" }, { "vulnerability": "VCID-x5a8-m3jz-tkc4" }, { "vulnerability": "VCID-xs15-qsyz-gbgk" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2023-51770", "GHSA-ff2w-wm48-jhqj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9q4r-z1tz-q7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33082?format=api", "vulnerability_id": "VCID-a2gv-s3b1-23ed", "summary": "File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files.\nThis issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2.\n\nUsers are recommended to upgrade to version 3.2.2, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-30188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88514", "scoring_system": "epss", "scoring_elements": "0.99524", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.88514", "scoring_system": "epss", "scoring_elements": "0.99526", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-30188" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30188", "reference_id": "CVE-2024-30188", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30188" }, { "reference_url": "https://github.com/advisories/GHSA-4vv4-crw4-8pcw", "reference_id": "GHSA-4vv4-crw4-8pcw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vv4-crw4-8pcw" }, { "reference_url": "https://lists.apache.org/thread/tbrt42mnr42bq6scxwt6bjr3s2pwyd07", "reference_id": "tbrt42mnr42bq6scxwt6bjr3s2pwyd07", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-10T14:25:59Z/" } ], "url": "https://lists.apache.org/thread/tbrt42mnr42bq6scxwt6bjr3s2pwyd07" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32965?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/734594?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-x5a8-m3jz-tkc4" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha" } ], "aliases": [ "CVE-2024-30188", "GHSA-4vv4-crw4-8pcw" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2gv-s3b1-23ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133133?format=api", "vulnerability_id": "VCID-c5cd-ujks-b7dr", "summary": "Exposure of Remote Code Execution in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0712", "scoring_system": "epss", "scoring_elements": "0.91762", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0712", "scoring_system": "epss", "scoring_elements": "0.91767", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0712", "scoring_system": "epss", "scoring_elements": "0.9177", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0712", "scoring_system": "epss", "scoring_elements": "0.91734", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49109" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/14991", "reference_id": "14991", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/14991" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/20/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/20/4" }, { "reference_url": "https://lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8", "reference_id": "5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/" } ], "url": "https://lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8" }, { "reference_url": "https://lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wmlspk0m5", "reference_id": "6kgsl93vtqlbdk6otttl0d8wmlspk0m5", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/" } ], "url": "https://lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wmlspk0m5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49109", "reference_id": "CVE-2023-49109", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49109" }, { "reference_url": "https://github.com/advisories/GHSA-qwxx-xww6-8q8m", "reference_id": "GHSA-qwxx-xww6-8q8m", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qwxx-xww6-8q8m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29143?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a2gv-s3b1-23ed" }, { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-mqvn-n1us-hyds" }, { "vulnerability": "VCID-x5a8-m3jz-tkc4" }, { "vulnerability": "VCID-xs15-qsyz-gbgk" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2023-49109", "GHSA-qwxx-xww6-8q8m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5cd-ujks-b7dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33458?format=api", "vulnerability_id": "VCID-kkj3-3m9g-v7eu", "summary": "Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.\n\nThis issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.\n\nThis issue affects Apache DolphinScheduler: until 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23320", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73295", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73385", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73387", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73372", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23320" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15487", "reference_id": "15487", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15487" }, { "reference_url": "https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq", "reference_id": "25qhfvlksozzp6j9y8ozznvjdjp3lxqq", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/" } ], "url": "https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/23/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/23/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23320", "reference_id": "CVE-2024-23320", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23320" }, { "reference_url": "https://github.com/advisories/GHSA-rc6h-qwj9-2c53", "reference_id": "GHSA-rc6h-qwj9-2c53", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rc6h-qwj9-2c53" }, { "reference_url": "https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp", "reference_id": "p7rwzdgrztdfps8x1bwx646f1mn0x6cp", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/" } ], "url": "https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp" }, { "reference_url": "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm", "reference_id": "tnf99qoc6tlnwrny4t1zk6mfszgdsokm", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/" } ], "url": "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29143?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a2gv-s3b1-23ed" }, { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-mqvn-n1us-hyds" }, { "vulnerability": "VCID-x5a8-m3jz-tkc4" }, { "vulnerability": "VCID-xs15-qsyz-gbgk" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2024-23320", "GHSA-rc6h-qwj9-2c53" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkj3-3m9g-v7eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132960?format=api", "vulnerability_id": "VCID-kznh-5jy7-zbdp", "summary": "Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.\n\nThis issue affects Apache DolphinScheduler: before 3.2.0.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38213", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38225", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38238", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38036", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49250" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/20/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/20/1" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15288", "reference_id": "15288", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15288" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49250", "reference_id": "CVE-2023-49250", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49250" }, { "reference_url": "https://github.com/advisories/GHSA-37gx-jqx9-fwmg", "reference_id": "GHSA-37gx-jqx9-fwmg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-37gx-jqx9-fwmg" }, { "reference_url": "https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn", "reference_id": "wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/" } ], "url": "https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29143?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a2gv-s3b1-23ed" }, { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-mqvn-n1us-hyds" }, { "vulnerability": "VCID-x5a8-m3jz-tkc4" }, { "vulnerability": "VCID-xs15-qsyz-gbgk" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2023-49250", "GHSA-37gx-jqx9-fwmg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kznh-5jy7-zbdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31986?format=api", "vulnerability_id": "VCID-m2sy-k3dv-ebfn", "summary": "Incorrect Default Permissions vulnerability in Apache DolphinScheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2.\n\nUsers are recommended to upgrade to version 3.3.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37042", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37054", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36864", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3707", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43166" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43166", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43166" }, { "reference_url": "https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk", "reference_id": "8zd69zkkx55qp365xp4tml1xh9og5lhk", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-03T13:44:48Z/" } ], "url": "https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk" }, { "reference_url": "https://github.com/advisories/GHSA-rrpj-r8h7-rm7r", "reference_id": "GHSA-rrpj-r8h7-rm7r", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrpj-r8h7-rm7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373723?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1" } ], "aliases": [ "CVE-2024-43166", "GHSA-rrpj-r8h7-rm7r" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2sy-k3dv-ebfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48414?format=api", "vulnerability_id": "VCID-mqvn-n1us-hyds", "summary": "Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49744", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49731", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.57135", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.57015", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29831" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/08/09/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/08/09/6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29831", "reference_id": "CVE-2024-29831", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29831" }, { "reference_url": "https://github.com/advisories/GHSA-m9q4-p56m-mc6q", "reference_id": "GHSA-m9q4-p56m-mc6q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m9q4-p56m-mc6q" }, { "reference_url": "https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0", "reference_id": "x1ch0x5om3srtbnp7rtsvdszho3mdrq0", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-12T15:05:34Z/" } ], "url": "https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32965?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/734594?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-x5a8-m3jz-tkc4" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha" } ], "aliases": [ "CVE-2024-29831", "GHSA-m9q4-p56m-mc6q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqvn-n1us-hyds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/357528?format=api", "vulnerability_id": "VCID-quhn-8q8z-6keg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36676", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36855", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.3688", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36868", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49068" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15192", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15192" }, { "reference_url": "https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49068", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49068" }, { "reference_url": "https://github.com/advisories/GHSA-c6cg-73p3-973h", "reference_id": "GHSA-c6cg-73p3-973h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6cg-73p3-973h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29143?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a2gv-s3b1-23ed" }, { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-mqvn-n1us-hyds" }, { "vulnerability": "VCID-x5a8-m3jz-tkc4" }, { "vulnerability": "VCID-xs15-qsyz-gbgk" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2023-49068", "GHSA-c6cg-73p3-973h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-quhn-8q8z-6keg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133180?format=api", "vulnerability_id": "VCID-x9k8-7n11-ybg1", "summary": "Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.\n\nUsers are recommended to upgrade to version 3.1.9, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49299", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69835", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69847", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69745", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6985", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49299" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15228", "reference_id": "15228", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15228" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/23/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/23/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49299", "reference_id": "CVE-2023-49299", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49299" }, { "reference_url": "https://github.com/advisories/GHSA-v7hg-77v9-2445", "reference_id": "GHSA-v7hg-77v9-2445", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v7hg-77v9-2445" }, { "reference_url": "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm", "reference_id": "tnf99qoc6tlnwrny4t1zk6mfszgdsokm", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/" } ], "url": "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394970?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n8r-zeeq-jfcu" }, { "vulnerability": "VCID-79gt-bpru-tyhf" }, { "vulnerability": "VCID-9q4r-z1tz-q7b8" }, { "vulnerability": "VCID-a2gv-s3b1-23ed" }, { "vulnerability": "VCID-c5cd-ujks-b7dr" }, { "vulnerability": "VCID-kkj3-3m9g-v7eu" }, { "vulnerability": "VCID-kznh-5jy7-zbdp" }, { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-mqvn-n1us-hyds" }, { "vulnerability": "VCID-quhn-8q8z-6keg" }, { "vulnerability": "VCID-xs15-qsyz-gbgk" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9" } ], "aliases": [ "CVE-2023-49299", "GHSA-v7hg-77v9-2445" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9k8-7n11-ybg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31339?format=api", "vulnerability_id": "VCID-xs15-qsyz-gbgk", "summary": "Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script.\n\n\nThis issue affects Apache DolphinScheduler: before 3.2.2.\n\nUsers are recommended to upgrade to version 3.3.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27454", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27436", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27232", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27433", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43115" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43115", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43115" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/09/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/09/03/1" }, { "reference_url": "https://github.com/advisories/GHSA-3vcp-r62v-xpvg", "reference_id": "GHSA-3vcp-r62v-xpvg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vcp-r62v-xpvg" }, { "reference_url": "https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj", "reference_id": "qm36nrsv1vrr2j4o5q2wo75h3686hrnj", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-03T13:45:02Z/" } ], "url": "https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32965?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/734594?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m2sy-k3dv-ebfn" }, { "vulnerability": "VCID-x5a8-m3jz-tkc4" }, { "vulnerability": "VCID-zxdw-tgbb-aqdc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha" } ], "aliases": [ "CVE-2024-43115", "GHSA-3vcp-r62v-xpvg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xs15-qsyz-gbgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66851?format=api", "vulnerability_id": "VCID-zxdw-tgbb-aqdc", "summary": "Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution.\n\nThis issue affects Apache DolphinScheduler versions prior to 3.4.1. \n\nUsers are recommended to upgrade to version 3.4.1, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06673", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06643", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0665", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0666", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23902" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23902", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23902" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/24/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/24/1" }, { "reference_url": "https://github.com/advisories/GHSA-72mv-wwvm-vgp5", "reference_id": "GHSA-72mv-wwvm-vgp5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-72mv-wwvm-vgp5" }, { "reference_url": "https://lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9", "reference_id": "hy4ntb2gys8150zfmnxhsd5ph0hoh7s9", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T18:25:12Z/" } ], "url": "https://lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373398?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1" } ], "aliases": [ "CVE-2026-23902", "GHSA-72mv-wwvm-vgp5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxdw-tgbb-aqdc" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.3" }