Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/79382?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/79382?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.2.1", "type": "maven", "namespace": "org.apache.dolphinscheduler", "name": "dolphinscheduler", "version": "1.2.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.4.1", "latest_non_vulnerable_version": "3.4.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46519?format=api", "vulnerability_id": "VCID-6nzs-31fa-vudc", "summary": "Missing Authorization\nBefore DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56432", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56444", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56438", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49620" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/commit/a4948f58e671ab263060da1de255af3ecd2530ac", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/commit/a4948f58e671ab263060da1de255af3ecd2530ac" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/10307", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/pull/10307" }, { "reference_url": "https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/30/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/30/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49620", "reference_id": "CVE-2023-49620", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49620" }, { "reference_url": "https://github.com/advisories/GHSA-r44q-98gx-pmh2", "reference_id": "GHSA-r44q-98gx-pmh2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r44q-98gx-pmh2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67983?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ra7-3xzm-jbgt" }, { "vulnerability": "VCID-9499-ush9-ayhh" }, { "vulnerability": "VCID-9nf3-ytdq-hfcu" }, { "vulnerability": "VCID-a9cw-q6g7-t3d6" }, { "vulnerability": "VCID-aer3-3j27-gqaa" }, { "vulnerability": "VCID-bqnz-n1hj-r3gx" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-m8pu-577g-4qe5" }, { "vulnerability": "VCID-p7d8-kg27-nbee" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-t29h-zzxt-hbbk" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zqv8-jxsz-pqgf" }, { "vulnerability": "VCID-zx11-jxkm-bycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.0" } ], "aliases": [ "CVE-2023-49620", "GHSA-r44q-98gx-pmh2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6nzs-31fa-vudc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47111?format=api", "vulnerability_id": "VCID-9499-ush9-ayhh", "summary": "Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users\nImproper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server.\n\nThis issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.\n\nThis issue affects Apache DolphinScheduler: until 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23320", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73235", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73253", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23320" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15487", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15487" }, { "reference_url": "https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/" } ], "url": "https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq" }, { "reference_url": "https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/" } ], "url": "https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp" }, { "reference_url": "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/" } ], "url": "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/23/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/23/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23320", "reference_id": "CVE-2024-23320", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23320" }, { "reference_url": "https://github.com/advisories/GHSA-rc6h-qwj9-2c53", "reference_id": "GHSA-rc6h-qwj9-2c53", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rc6h-qwj9-2c53" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67898?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5p5x-ajpc-37fs" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zqv8-jxsz-pqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2024-23320", "GHSA-rc6h-qwj9-2c53" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9499-ush9-ayhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46760?format=api", "vulnerability_id": "VCID-a9cw-q6g7-t3d6", "summary": "Apache DolphinScheduler: Arbitrary js execute as root for authenticated users\nImproper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.\n\nUsers are recommended to upgrade to version 3.1.9, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49299", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69678", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69688", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6968", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49299" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15228", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15228" }, { "reference_url": "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/" } ], "url": "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/23/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/23/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49299", "reference_id": "CVE-2023-49299", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49299" }, { "reference_url": "https://github.com/advisories/GHSA-v7hg-77v9-2445", "reference_id": "GHSA-v7hg-77v9-2445", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v7hg-77v9-2445" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68394?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9499-ush9-ayhh" }, { "vulnerability": "VCID-aer3-3j27-gqaa" }, { "vulnerability": "VCID-bqnz-n1hj-r3gx" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-m8pu-577g-4qe5" }, { "vulnerability": "VCID-p7d8-kg27-nbee" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-t29h-zzxt-hbbk" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zqv8-jxsz-pqgf" }, { "vulnerability": "VCID-zx11-jxkm-bycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9" } ], "aliases": [ "CVE-2023-49299", "GHSA-v7hg-77v9-2445" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9cw-q6g7-t3d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47051?format=api", "vulnerability_id": "VCID-aer3-3j27-gqaa", "summary": "Insufficient Session Expiration\nSession Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77825", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77818", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77815", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50270" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15219", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15219" }, { "reference_url": "https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/" } ], "url": "https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6" }, { "reference_url": "https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/" } ], "url": "https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/02/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/02/20/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/20/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50270", "reference_id": "CVE-2023-50270", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50270" }, { "reference_url": "https://github.com/advisories/GHSA-vjqc-g788-f378", "reference_id": "GHSA-vjqc-g788-f378", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vjqc-g788-f378" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67898?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5p5x-ajpc-37fs" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zqv8-jxsz-pqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2023-50270", "GHSA-vjqc-g788-f378" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aer3-3j27-gqaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47053?format=api", "vulnerability_id": "VCID-bqnz-n1hj-r3gx", "summary": "Improper Certificate Validation in Apache DolphinScheduler\nBecause the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38036", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38007", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38039", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49250" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15288", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15288" }, { "reference_url": "https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/" } ], "url": "https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/20/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49250", "reference_id": "CVE-2023-49250", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49250" }, { "reference_url": "https://github.com/advisories/GHSA-37gx-jqx9-fwmg", "reference_id": "GHSA-37gx-jqx9-fwmg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-37gx-jqx9-fwmg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67898?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5p5x-ajpc-37fs" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zqv8-jxsz-pqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2023-49250", "GHSA-37gx-jqx9-fwmg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqnz-n1hj-r3gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41652?format=api", "vulnerability_id": "VCID-dk6a-gdh4-2fbj", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nIn Apache DolphinScheduler authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27644", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0116", "scoring_system": "epss", "scoring_elements": "0.78957", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0116", "scoring_system": "epss", "scoring_elements": "0.78954", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0116", "scoring_system": "epss", "scoring_elements": "0.78963", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0116", "scoring_system": "epss", "scoring_elements": "0.7893", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27644" }, { "reference_url": "https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6@%3Cdev.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6@%3Cdev.dolphinscheduler.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/11/01/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/11/01/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27644", "reference_id": "CVE-2021-27644", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27644" }, { "reference_url": "https://github.com/advisories/GHSA-93g4-3phc-g4xw", "reference_id": "GHSA-93g4-3phc-g4xw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93g4-3phc-g4xw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59437?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6nzs-31fa-vudc" }, { "vulnerability": "VCID-9499-ush9-ayhh" }, { "vulnerability": "VCID-a9cw-q6g7-t3d6" }, { "vulnerability": "VCID-aer3-3j27-gqaa" }, { "vulnerability": "VCID-bqnz-n1hj-r3gx" }, { "vulnerability": "VCID-dkpw-agff-ebcv" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-p7d8-kg27-nbee" }, { "vulnerability": "VCID-pb5n-s8tt-ykeb" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-t6hf-upum-fket" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-yc2s-jxa6-8ua9" }, { "vulnerability": "VCID-z8sf-946n-kkgv" }, { "vulnerability": "VCID-zx11-jxkm-bycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.6" } ], "aliases": [ "CVE-2021-27644", "GHSA-93g4-3phc-g4xw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk6a-gdh4-2fbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/108759?format=api", "vulnerability_id": "VCID-dkpw-agff-ebcv", "summary": "Apache DolphinScheduler vulnerable to Path Traversal\nUsers can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01609", "scoring_system": "epss", "scoring_elements": "0.8209", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01609", "scoring_system": "epss", "scoring_elements": "0.82123", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01609", "scoring_system": "epss", "scoring_elements": "0.8212", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26884" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/releases/tag/2.0.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/releases/tag/2.0.6" }, { "reference_url": "https://lists.apache.org/thread/xfdst5y4hnrm2ntmc5jzrgmw2htyyb9c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:36:21Z/" } ], "url": "https://lists.apache.org/thread/xfdst5y4hnrm2ntmc5jzrgmw2htyyb9c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26884", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26884" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/10/28/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:36:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/10/28/2" }, { "reference_url": "https://github.com/advisories/GHSA-vpgf-fgm8-gxr2", "reference_id": "GHSA-vpgf-fgm8-gxr2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vpgf-fgm8-gxr2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144513?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6nzs-31fa-vudc" }, { "vulnerability": "VCID-9499-ush9-ayhh" }, { "vulnerability": "VCID-a9cw-q6g7-t3d6" }, { "vulnerability": "VCID-aer3-3j27-gqaa" }, { "vulnerability": "VCID-bqnz-n1hj-r3gx" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-p7d8-kg27-nbee" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-t6hf-upum-fket" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zx11-jxkm-bycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6" } ], "aliases": [ "CVE-2022-26884", "GHSA-vpgf-fgm8-gxr2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dkpw-agff-ebcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58138?format=api", "vulnerability_id": "VCID-kw72-g6v7-7fgk", "summary": "Apache DolphinScheduler vulnerable to Alert Script Attack\nImproper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script.\n\n\nThis issue affects Apache DolphinScheduler: before 3.2.2.\n\nUsers are recommended to upgrade to version 3.3.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27326", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27235", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27275", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43115" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-03T13:45:02Z/" } ], "url": "https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/09/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/09/03/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43115", "reference_id": "CVE-2024-43115", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43115" }, { "reference_url": "https://github.com/advisories/GHSA-3vcp-r62v-xpvg", "reference_id": "GHSA-3vcp-r62v-xpvg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3vcp-r62v-xpvg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82388?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/756455?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5p5x-ajpc-37fs" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha" } ], "aliases": [ "CVE-2024-43115", "GHSA-3vcp-r62v-xpvg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kw72-g6v7-7fgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47069?format=api", "vulnerability_id": "VCID-p7d8-kg27-nbee", "summary": "Arbitrary File Read Vulnerability in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1.\n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01343", "scoring_system": "epss", "scoring_elements": "0.80399", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01343", "scoring_system": "epss", "scoring_elements": "0.80396", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51770" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15433", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15433" }, { "reference_url": "https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/" } ], "url": "https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g" }, { "reference_url": "https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/" } ], "url": "https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/20/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/20/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51770", "reference_id": "CVE-2023-51770", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51770" }, { "reference_url": "https://github.com/advisories/GHSA-ff2w-wm48-jhqj", "reference_id": "GHSA-ff2w-wm48-jhqj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ff2w-wm48-jhqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67898?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5p5x-ajpc-37fs" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zqv8-jxsz-pqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2023-51770", "GHSA-ff2w-wm48-jhqj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7d8-kg27-nbee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110170?format=api", "vulnerability_id": "VCID-pb5n-s8tt-ykeb", "summary": "Apache Dolphin Scheduler has insufficiently protected credentials\nWhen using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00659", "scoring_system": "epss", "scoring_elements": "0.71471", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00659", "scoring_system": "epss", "scoring_elements": "0.71498", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00659", "scoring_system": "epss", "scoring_elements": "0.71522", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00659", "scoring_system": "epss", "scoring_elements": "0.71515", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26885" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/releases/tag/2.0.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/releases/tag/2.0.6" }, { "reference_url": "https://lists.apache.org/thread/z7084r9cs2r26cszkkgjqpb5bhnxqssp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T18:17:28Z/" } ], "url": "https://lists.apache.org/thread/z7084r9cs2r26cszkkgjqpb5bhnxqssp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26885", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26885" }, { "reference_url": "https://github.com/advisories/GHSA-jvc3-wjf6-7c6c", "reference_id": "GHSA-jvc3-wjf6-7c6c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvc3-wjf6-7c6c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144513?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6nzs-31fa-vudc" }, { "vulnerability": "VCID-9499-ush9-ayhh" }, { "vulnerability": "VCID-a9cw-q6g7-t3d6" }, { "vulnerability": "VCID-aer3-3j27-gqaa" }, { "vulnerability": "VCID-bqnz-n1hj-r3gx" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-p7d8-kg27-nbee" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-t6hf-upum-fket" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zx11-jxkm-bycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6" } ], "aliases": [ "CVE-2022-26885", "GHSA-jvc3-wjf6-7c6c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pb5n-s8tt-ykeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55670?format=api", "vulnerability_id": "VCID-pnp9-9m41-jqdh", "summary": "Apache DolphinScheduler: RCE by arbitrary js execution\nImproper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56939", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56951", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56943", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29831" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-12T15:05:34Z/" } ], "url": "https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/08/09/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/08/09/6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29831", "reference_id": "CVE-2024-29831", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29831" }, { "reference_url": "https://github.com/advisories/GHSA-m9q4-p56m-mc6q", "reference_id": "GHSA-m9q4-p56m-mc6q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m9q4-p56m-mc6q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82388?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/756455?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5p5x-ajpc-37fs" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha" } ], "aliases": [ "CVE-2024-29831", "GHSA-m9q4-p56m-mc6q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnp9-9m41-jqdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35706?format=api", "vulnerability_id": "VCID-rd8x-n14v-a3g5", "summary": "Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74919", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74944", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74952", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74948", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13922" }, { "reference_url": "https://github.com/apache/incubator-dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/incubator-dolphinscheduler" }, { "reference_url": "https://github.com/apache/incubator-dolphinscheduler/commit/b8a9e2e00f2f207ae60c913a7173b59405ff95f1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/incubator-dolphinscheduler/commit/b8a9e2e00f2f207ae60c913a7173b59405ff95f1" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml" }, { "reference_url": "https://www.mail-archive.com/announce%40apache.org/msg06076.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mail-archive.com/announce%40apache.org/msg06076.html" }, { "reference_url": "https://www.mail-archive.com/announce@apache.org/msg06076.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mail-archive.com/announce@apache.org/msg06076.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13922", "reference_id": "CVE-2020-13922", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13922" }, { "reference_url": "https://github.com/advisories/GHSA-qhh5-9738-g9mx", "reference_id": "GHSA-qhh5-9738-g9mx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qhh5-9738-g9mx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79460?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6nzs-31fa-vudc" }, { "vulnerability": "VCID-9499-ush9-ayhh" }, { "vulnerability": "VCID-a9cw-q6g7-t3d6" }, { "vulnerability": "VCID-aer3-3j27-gqaa" }, { "vulnerability": "VCID-bqnz-n1hj-r3gx" }, { "vulnerability": "VCID-dk6a-gdh4-2fbj" }, { "vulnerability": "VCID-dkpw-agff-ebcv" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-p7d8-kg27-nbee" }, { "vulnerability": "VCID-pb5n-s8tt-ykeb" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-t6hf-upum-fket" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-yc2s-jxa6-8ua9" }, { "vulnerability": "VCID-z8sf-946n-kkgv" }, { "vulnerability": "VCID-zx11-jxkm-bycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.2" } ], "aliases": [ "CVE-2020-13922", "GHSA-qhh5-9738-g9mx", "PYSEC-2021-876" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rd8x-n14v-a3g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89078?format=api", "vulnerability_id": "VCID-rkba-ka1m-fbdq", "summary": "Apache DolphinScheduler has an Incorrect Authorization Vulnerability\nIncorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution.\n\nThis issue affects Apache DolphinScheduler versions prior to 3.4.1. \n\nUsers are recommended to upgrade to version 3.4.1, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06668", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06662", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06674", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23902" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T18:25:12Z/" } ], "url": "https://lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23902", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23902" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/24/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/24/1" }, { "reference_url": "https://github.com/advisories/GHSA-72mv-wwvm-vgp5", "reference_id": "GHSA-72mv-wwvm-vgp5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-72mv-wwvm-vgp5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110101?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1" } ], "aliases": [ "CVE-2026-23902", "GHSA-72mv-wwvm-vgp5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkba-ka1m-fbdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110222?format=api", "vulnerability_id": "VCID-t6hf-upum-fket", "summary": "Apache DolphinScheduler vulnerable to Path Traversal\nWhen users add resources to the resource center with a relation path, this vulnerability will cause path traversal issues for logged-in users. Users should upgrade to version 3.0.0 to avoid this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01049", "scoring_system": "epss", "scoring_elements": "0.77867", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01049", "scoring_system": "epss", "scoring_elements": "0.77891", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01049", "scoring_system": "epss", "scoring_elements": "0.77901", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01049", "scoring_system": "epss", "scoring_elements": "0.77894", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34662" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://lists.apache.org/thread/pbdzqf9ntxyvs4cr0x2dgk9zlf43btz8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-06T03:16:38Z/" } ], "url": "https://lists.apache.org/thread/pbdzqf9ntxyvs4cr0x2dgk9zlf43btz8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34662", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34662" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/11/01/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-06T03:16:38Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/13" }, { "reference_url": "https://github.com/advisories/GHSA-fp35-xrrr-3gph", "reference_id": "GHSA-fp35-xrrr-3gph", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fp35-xrrr-3gph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64857?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ra7-3xzm-jbgt" }, { "vulnerability": "VCID-6nzs-31fa-vudc" }, { "vulnerability": "VCID-9499-ush9-ayhh" }, { "vulnerability": "VCID-a9cw-q6g7-t3d6" }, { "vulnerability": "VCID-aer3-3j27-gqaa" }, { "vulnerability": "VCID-bqnz-n1hj-r3gx" }, { "vulnerability": "VCID-bzfg-r7ht-f3bb" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-p7d8-kg27-nbee" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-t29h-zzxt-hbbk" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zx11-jxkm-bycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.0.0" } ], "aliases": [ "CVE-2022-34662", "GHSA-fp35-xrrr-3gph" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6hf-upum-fket" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53901?format=api", "vulnerability_id": "VCID-tc37-6huh-v7gs", "summary": "Code Execution\nIn DolphinScheduler, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11349", "scoring_system": "epss", "scoring_elements": "0.93684", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11349", "scoring_system": "epss", "scoring_elements": "0.93693", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.11349", "scoring_system": "epss", "scoring_elements": "0.93694", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11974" }, { "reference_url": "https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb@%3Ccommits.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb@%3Ccommits.dolphinscheduler.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb%40%3Ccommits.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb%40%3Ccommits.dolphinscheduler.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a@%3Ccommits.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a@%3Ccommits.dolphinscheduler.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a%40%3Ccommits.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a%40%3Ccommits.dolphinscheduler.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d@%3Ccommits.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d@%3Ccommits.dolphinscheduler.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d%40%3Ccommits.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d%40%3Ccommits.dolphinscheduler.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11@%3Ccommits.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11@%3Ccommits.dolphinscheduler.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11%40%3Ccommits.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11%40%3Ccommits.dolphinscheduler.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/09/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/09/8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11974", "reference_id": "CVE-2020-11974", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11974" }, { "reference_url": "https://github.com/advisories/GHSA-jpj4-5xwp-cv23", "reference_id": "GHSA-jpj4-5xwp-cv23", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jpj4-5xwp-cv23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79383?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6nzs-31fa-vudc" }, { "vulnerability": "VCID-9499-ush9-ayhh" }, { "vulnerability": "VCID-a9cw-q6g7-t3d6" }, { "vulnerability": "VCID-aer3-3j27-gqaa" }, { "vulnerability": "VCID-bqnz-n1hj-r3gx" }, { "vulnerability": "VCID-dk6a-gdh4-2fbj" }, { "vulnerability": "VCID-dkpw-agff-ebcv" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-p7d8-kg27-nbee" }, { "vulnerability": "VCID-pb5n-s8tt-ykeb" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rd8x-n14v-a3g5" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-t6hf-upum-fket" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-yc2s-jxa6-8ua9" }, { "vulnerability": "VCID-z8sf-946n-kkgv" }, { "vulnerability": "VCID-zx11-jxkm-bycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.0" } ], "aliases": [ "CVE-2020-11974", "GHSA-jpj4-5xwp-cv23" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc37-6huh-v7gs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58046?format=api", "vulnerability_id": "VCID-vcek-m7ex-a7hm", "summary": "Apache DolphinScheduler Incorrect Default Permissions Vulnerability\nIncorrect Default Permissions vulnerability in Apache DolphinScheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2.\n\nUsers are recommended to upgrade to version 3.3.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36876", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36841", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3687", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43166" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-03T13:44:48Z/" } ], "url": "https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43166", "reference_id": "CVE-2024-43166", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43166" }, { "reference_url": "https://github.com/advisories/GHSA-rrpj-r8h7-rm7r", "reference_id": "GHSA-rrpj-r8h7-rm7r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rrpj-r8h7-rm7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86353?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rkba-ka1m-fbdq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1" } ], "aliases": [ "CVE-2024-43166", "GHSA-rrpj-r8h7-rm7r" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcek-m7ex-a7hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36072?format=api", "vulnerability_id": "VCID-yc2s-jxa6-8ua9", "summary": "Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25598", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78636", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78662", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78671", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78663", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25598" }, { "reference_url": "https://github.com/advisories/GHSA-qg5x-66hp-cw5p", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qg5x-66hp-cw5p" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml" }, { "reference_url": "https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25598", "reference_id": "CVE-2022-25598", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61166?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6nzs-31fa-vudc" }, { "vulnerability": "VCID-9499-ush9-ayhh" }, { "vulnerability": "VCID-a9cw-q6g7-t3d6" }, { "vulnerability": "VCID-aer3-3j27-gqaa" }, { "vulnerability": "VCID-bqnz-n1hj-r3gx" }, { "vulnerability": "VCID-dkpw-agff-ebcv" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-p7d8-kg27-nbee" }, { "vulnerability": "VCID-pb5n-s8tt-ykeb" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-t6hf-upum-fket" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-z8sf-946n-kkgv" }, { "vulnerability": "VCID-zx11-jxkm-bycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.5" } ], "aliases": [ "CVE-2022-25598", "GHSA-qg5x-66hp-cw5p", "PYSEC-2022-176" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yc2s-jxa6-8ua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110220?format=api", "vulnerability_id": "VCID-z8sf-946n-kkgv", "summary": "Command injection in Apache DolphinScheduler Alert Plugins\nAlarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21258", "scoring_system": "epss", "scoring_elements": "0.95787", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.21258", "scoring_system": "epss", "scoring_elements": "0.95796", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.21258", "scoring_system": "epss", "scoring_elements": "0.95795", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.21258", "scoring_system": "epss", "scoring_elements": "0.95792", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45462" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/10744", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/pull/10744" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/9834", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/pull/9834" }, { "reference_url": "https://lists.apache.org/thread/2f126y32bf1v3mvxkdgt2jr5j3l1t01w", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-25T19:08:28Z/" } ], "url": "https://lists.apache.org/thread/2f126y32bf1v3mvxkdgt2jr5j3l1t01w" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45462", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45462" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/11/23/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-25T19:08:28Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/11/23/1" }, { "reference_url": "https://github.com/advisories/GHSA-wqg7-mx6p-2rw3", "reference_id": "GHSA-wqg7-mx6p-2rw3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wqg7-mx6p-2rw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144513?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6nzs-31fa-vudc" }, { "vulnerability": "VCID-9499-ush9-ayhh" }, { "vulnerability": "VCID-a9cw-q6g7-t3d6" }, { "vulnerability": "VCID-aer3-3j27-gqaa" }, { "vulnerability": "VCID-bqnz-n1hj-r3gx" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-p7d8-kg27-nbee" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-t6hf-upum-fket" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zx11-jxkm-bycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6" } ], "aliases": [ "CVE-2022-45462", "GHSA-wqg7-mx6p-2rw3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8sf-946n-kkgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46479?format=api", "vulnerability_id": "VCID-zx11-jxkm-bycp", "summary": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.3668", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36652", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36688", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49068" }, { "reference_url": "https://github.com/apache/dolphinscheduler", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler" }, { "reference_url": "https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134" }, { "reference_url": "https://github.com/apache/dolphinscheduler/pull/15192", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/dolphinscheduler/pull/15192" }, { "reference_url": "https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49068", "reference_id": "CVE-2023-49068", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49068" }, { "reference_url": "https://github.com/advisories/GHSA-c6cg-73p3-973h", "reference_id": "GHSA-c6cg-73p3-973h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6cg-73p3-973h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67898?format=api", "purl": "pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5p5x-ajpc-37fs" }, { "vulnerability": "VCID-kw72-g6v7-7fgk" }, { "vulnerability": "VCID-pnp9-9m41-jqdh" }, { "vulnerability": "VCID-rkba-ka1m-fbdq" }, { "vulnerability": "VCID-vcek-m7ex-a7hm" }, { "vulnerability": "VCID-zqv8-jxsz-pqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1" } ], "aliases": [ "CVE-2023-49068", "GHSA-c6cg-73p3-973h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zx11-jxkm-bycp" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.2.1" }