Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-dao@3.1.0
Type maven
Namespace org.apache.dolphinscheduler
Name dolphinscheduler-dao
Version 3.1.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.1.0
Latest_non_vulnerable_version 3.1.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-6nzs-31fa-vudc
vulnerability_id VCID-6nzs-31fa-vudc
summary
Missing Authorization
Before DolphinScheduler version 3.1.0, a logged-in user could delete UDF functions in the resource center without authorization (which is mostly used in SQL tasks), an unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this CVE as moderate level because it still requires user login to operate. Please upgrade to version 3.1.0 to avoid this vulnerability.
references
0
reference_url https://github.com/apache/dolphinscheduler/commit/a4948f58e671ab263060da1de255af3ecd2530ac
reference_id
reference_type
scores
url https://github.com/apache/dolphinscheduler/commit/a4948f58e671ab263060da1de255af3ecd2530ac
1
reference_url https://github.com/apache/dolphinscheduler/pull/10307
reference_id
reference_type
scores
url https://github.com/apache/dolphinscheduler/pull/10307
2
reference_url https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj
reference_id
reference_type
scores
url https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj
3
reference_url http://www.openwall.com/lists/oss-security/2023/11/30/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/11/30/4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49620
reference_id CVE-2023-49620
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-49620
5
reference_url https://github.com/advisories/GHSA-r44q-98gx-pmh2
reference_id GHSA-r44q-98gx-pmh2
reference_type
scores
url https://github.com/advisories/GHSA-r44q-98gx-pmh2
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-dao@3.1.0
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-dao@3.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-dao@3.1.0
aliases CVE-2023-49620, GHSA-r44q-98gx-pmh2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6nzs-31fa-vudc
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-dao@3.1.0