Search for packages
| purl | pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5j97-9vtv-cufv | Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. |
CVE-2024-23320
GHSA-rc6h-qwj9-2c53 |
| VCID-a9ud-69qc-xufa | Insufficient Session Expiration Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue. |
CVE-2023-50270
GHSA-vjqc-g788-f378 |
| VCID-ckjx-1bbg-tfh8 | Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. |
CVE-2023-51770
GHSA-ff2w-wm48-jhqj |
| VCID-dkgs-qkj7-tqbb | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators. |
CVE-2023-49068
GHSA-c6cg-73p3-973h |
| VCID-njex-4pqg-mff6 | Improper Control of Generation of Code ('Code Injection') Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. |
CVE-2023-49109
GHSA-qwxx-xww6-8q8m |
| VCID-tcs7-63n8-c7bf | Improper Certificate Validation in Apache DolphinScheduler Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. |
CVE-2023-49250
GHSA-37gx-jqx9-fwmg |