Package details: pkg:pypi/apache-dolphinscheduler@3.0.1
purl pkg:pypi/apache-dolphinscheduler@3.0.1
Next non-vulnerable version 3.0.2
Latest non-vulnerable version 3.0.2
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-9nf3-ytdq-hfcu
Aliases:
CVE-2022-45875
GHSA-3xh5-8hvq-rc8x
PYSEC-2023-4
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.
3.0.2
Affected by 0 other vulnerabilities.
VCID-bzfg-r7ht-f3bb
Aliases:
CVE-2023-48796
GHSA-4vvc-r4p4-qgrr
PYSEC-2023-268
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set the environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to work around this, or add the following section to the `application.yaml` file:
```
management:
  endpoints:
    web:
      exposure:
        include: health,metrics,prometheus
```
This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.
3.0.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-06T04:20:53.078170+00:00 | GitLab Importer | Affected by | VCID-bzfg-r7ht-f3bb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/apache-dolphinscheduler/CVE-2023-48796.yml | 38.6.0 |
| 2026-06-05T17:03:20.110838+00:00 | PyPI Importer | Affected by | VCID-bzfg-r7ht-f3bb | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-06-05T17:02:26.080404+00:00 | PyPI Importer | Affected by | VCID-9nf3-ytdq-hfcu | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-06-02T04:20:14.490945+00:00 | Pypa Importer | Affected by | VCID-bzfg-r7ht-f3bb | https://github.com/pypa/advisory-database/blob/main/vulns/apache-dolphinscheduler/PYSEC-2023-268.yaml | 38.6.0 |
| 2026-06-02T04:18:12.961756+00:00 | Pypa Importer | Affected by | VCID-9nf3-ytdq-hfcu | https://github.com/pypa/advisory-database/blob/main/vulns/apache-dolphinscheduler/PYSEC-2023-4.yaml | 38.6.0 |