VulnerableCode Package Details - pkg:pypi/apache-dolphinscheduler@3.0.2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9nf3-ytdq-hfcu	Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.	CVE-2022-45875 GHSA-3xh5-8hvq-rc8x PYSEC-2023-4
VCID-bzfg-r7ht-f3bb	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file ``` management: endpoints: web: exposure: include: health,metrics,prometheus ``` This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.	CVE-2023-48796 GHSA-4vvc-r4p4-qgrr PYSEC-2023-268

Vulnerability

Summary

Aliases

VCID-9nf3-ytdq-hfcu

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.

CVE-2022-45875
GHSA-3xh5-8hvq-rc8x
PYSEC-2023-4

VCID-bzfg-r7ht-f3bb

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file ``` management: endpoints: web: exposure: include: health,metrics,prometheus ``` This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.

CVE-2023-48796
GHSA-4vvc-r4p4-qgrr
PYSEC-2023-268

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-07T20:51:04.212041+00:00	GHSA Importer	Fixing	VCID-bzfg-r7ht-f3bb	https://github.com/advisories/GHSA-4vvc-r4p4-qgrr	38.6.0
2026-06-05T17:03:20.112433+00:00	PyPI Importer	Fixing	VCID-bzfg-r7ht-f3bb	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T17:02:26.082323+00:00	PyPI Importer	Fixing	VCID-9nf3-ytdq-hfcu	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-04T17:19:17.499079+00:00	GithubOSV Importer	Fixing	VCID-bzfg-r7ht-f3bb	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-4vvc-r4p4-qgrr/GHSA-4vvc-r4p4-qgrr.json	38.6.0
2026-06-02T04:46:24.271958+00:00	GitLab Importer	Fixing	VCID-bzfg-r7ht-f3bb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/apache-dolphinscheduler/CVE-2023-48796.yml	38.6.0
2026-06-02T04:20:14.494908+00:00	Pypa Importer	Fixing	VCID-bzfg-r7ht-f3bb	https://github.com/pypa/advisory-database/blob/main/vulns/apache-dolphinscheduler/PYSEC-2023-268.yaml	38.6.0
2026-06-02T04:18:12.966161+00:00	Pypa Importer	Fixing	VCID-9nf3-ytdq-hfcu	https://github.com/pypa/advisory-database/blob/main/vulns/apache-dolphinscheduler/PYSEC-2023-4.yaml	38.6.0