{"url":"http://public2.vulnerablecode.io/api/packages/393383?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.2","type":"maven","namespace":"org.apache.dolphinscheduler","name":"dolphinscheduler","version":"3.1.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.4.1","latest_non_vulnerable_version":"3.4.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102304?format=json","vulnerability_id":"VCID-2n8r-zeeq-jfcu","summary":"An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler.\n\nThis vulnerability may allow unauthorized actors to access sensitive information, including database credentials.\n\n\nThis issue affects Apache DolphinScheduler versions 3.1.*.\n\n\nUsers are recommended to upgrade to:\n\n\n\n\n\n\n\n  *  version ≥ 3.2.0 if using 3.1.x\n\n\n\n\n\n\nAs a temporary workaround, users who cannot upgrade immediately may restrict the exposed management endpoints by setting the following environment variable:\n\n\n```\nMANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus\n```\n\nAlternatively, add the following configuration to the application.yaml file:\n\n\n```\nmanagement:\n   endpoints:\n     web:\n        exposure:\n          include: health,metrics,prometheus\n```\n\nThis issue has been reported as CVE-2023-48796:\n\n https://cveprocess.apache.org/cve5/CVE-2023-48796","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62188","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08177","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08171","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08173","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0814","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62188"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/releases/tag/3.0.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/releases/tag/3.0.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62188","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62188"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2023-48796","reference_id":"CVERecord?id=CVE-2023-48796","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:57:14Z/"}],"url":"https://www.cve.org/CVERecord?id=CVE-2023-48796"},{"reference_url":"https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo","reference_id":"ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:57:14Z/"}],"url":"https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo"},{"reference_url":"https://github.com/advisories/GHSA-3cjc-vhfm-ffp2","reference_id":"GHSA-3cjc-vhfm-ffp2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3cjc-vhfm-ffp2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374135?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79gt-bpru-tyhf"},{"vulnerability":"VCID-9q4r-z1tz-q7b8"},{"vulnerability":"VCID-a2gv-s3b1-23ed"},{"vulnerability":"VCID-c5cd-ujks-b7dr"},{"vulnerability":"VCID-kkj3-3m9g-v7eu"},{"vulnerability":"VCID-kznh-5jy7-zbdp"},{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-mqvn-n1us-hyds"},{"vulnerability":"VCID-quhn-8q8z-6keg"},{"vulnerability":"VCID-x5a8-m3jz-tkc4"},{"vulnerability":"VCID-xs15-qsyz-gbgk"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.0"}],"aliases":["CVE-2025-62188","GHSA-3cjc-vhfm-ffp2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n8r-zeeq-jfcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146623?format=json","vulnerability_id":"VCID-79gt-bpru-tyhf","summary":"Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50270","reference_id":"","reference_type":"","scores":[{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77941","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77947","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77934","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77865","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50270"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/20/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/02/20/3"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15219","reference_id":"15219","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/15219"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/02/20/3","reference_id":"3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/02/20/3"},{"reference_url":"https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6","reference_id":"94prw8hyk60vvw7s6cs3tr708qzqlwl6","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/"}],"url":"https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50270","reference_id":"CVE-2023-50270","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50270"},{"reference_url":"https://github.com/advisories/GHSA-vjqc-g788-f378","reference_id":"GHSA-vjqc-g788-f378","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vjqc-g788-f378"},{"reference_url":"https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r","reference_id":"lmnf21obyos920dnvbfpwq29c1sd2r9r","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/"}],"url":"https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29143?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a2gv-s3b1-23ed"},{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-mqvn-n1us-hyds"},{"vulnerability":"VCID-x5a8-m3jz-tkc4"},{"vulnerability":"VCID-xs15-qsyz-gbgk"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2023-50270","GHSA-vjqc-g788-f378"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79gt-bpru-tyhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/130814?format=json","vulnerability_id":"VCID-9q4r-z1tz-q7b8","summary":"Arbitrary File Read Vulnerability in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51770","reference_id":"","reference_type":"","scores":[{"value":"0.01343","scoring_system":"epss","scoring_elements":"0.80515","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01343","scoring_system":"epss","scoring_elements":"0.80523","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01343","scoring_system":"epss","scoring_elements":"0.80512","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01343","scoring_system":"epss","scoring_elements":"0.8045","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51770"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15433","reference_id":"15433","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/15433"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/20/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/20/2"},{"reference_url":"https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g","reference_id":"4t8bdjqnfhldh73gy9p0whlgvnnbtn7g","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/"}],"url":"https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51770","reference_id":"CVE-2023-51770","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51770"},{"reference_url":"https://github.com/advisories/GHSA-ff2w-wm48-jhqj","reference_id":"GHSA-ff2w-wm48-jhqj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ff2w-wm48-jhqj"},{"reference_url":"https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw","reference_id":"gpks573kn00ofxn7n9gkg6o47d03p5rw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/"}],"url":"https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29143?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a2gv-s3b1-23ed"},{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-mqvn-n1us-hyds"},{"vulnerability":"VCID-x5a8-m3jz-tkc4"},{"vulnerability":"VCID-xs15-qsyz-gbgk"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2023-51770","GHSA-ff2w-wm48-jhqj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9q4r-z1tz-q7b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33082?format=json","vulnerability_id":"VCID-a2gv-s3b1-23ed","summary":"File read and write vulnerability in Apache DolphinScheduler ,  authenticated users can illegally access additional resource files.\nThis issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2.\n\nUsers are recommended to upgrade to version 3.2.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30188","reference_id":"","reference_type":"","scores":[{"value":"0.88514","scoring_system":"epss","scoring_elements":"0.99524","published_at":"2026-06-11T12:55:00Z"},{"value":"0.88514","scoring_system":"epss","scoring_elements":"0.99526","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30188"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30188","reference_id":"CVE-2024-30188","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30188"},{"reference_url":"https://github.com/advisories/GHSA-4vv4-crw4-8pcw","reference_id":"GHSA-4vv4-crw4-8pcw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vv4-crw4-8pcw"},{"reference_url":"https://lists.apache.org/thread/tbrt42mnr42bq6scxwt6bjr3s2pwyd07","reference_id":"tbrt42mnr42bq6scxwt6bjr3s2pwyd07","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-10T14:25:59Z/"}],"url":"https://lists.apache.org/thread/tbrt42mnr42bq6scxwt6bjr3s2pwyd07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32965?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/734594?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-x5a8-m3jz-tkc4"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha"}],"aliases":["CVE-2024-30188","GHSA-4vv4-crw4-8pcw"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2gv-s3b1-23ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133133?format=json","vulnerability_id":"VCID-c5cd-ujks-b7dr","summary":"Exposure of Remote Code Execution in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49109","reference_id":"","reference_type":"","scores":[{"value":"0.0712","scoring_system":"epss","scoring_elements":"0.91762","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0712","scoring_system":"epss","scoring_elements":"0.91767","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0712","scoring_system":"epss","scoring_elements":"0.9177","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0712","scoring_system":"epss","scoring_elements":"0.91734","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49109"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/14991","reference_id":"14991","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/14991"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/20/4","reference_id":"4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/20/4"},{"reference_url":"https://lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8","reference_id":"5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/"}],"url":"https://lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8"},{"reference_url":"https://lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wmlspk0m5","reference_id":"6kgsl93vtqlbdk6otttl0d8wmlspk0m5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/"}],"url":"https://lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wmlspk0m5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49109","reference_id":"CVE-2023-49109","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49109"},{"reference_url":"https://github.com/advisories/GHSA-qwxx-xww6-8q8m","reference_id":"GHSA-qwxx-xww6-8q8m","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwxx-xww6-8q8m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29143?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a2gv-s3b1-23ed"},{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-mqvn-n1us-hyds"},{"vulnerability":"VCID-x5a8-m3jz-tkc4"},{"vulnerability":"VCID-xs15-qsyz-gbgk"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2023-49109","GHSA-qwxx-xww6-8q8m"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5cd-ujks-b7dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33458?format=json","vulnerability_id":"VCID-kkj3-3m9g-v7eu","summary":"Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.\n\nThis issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.\n\nThis issue affects Apache DolphinScheduler: until 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23320","reference_id":"","reference_type":"","scores":[{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73295","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73385","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73387","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73372","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23320"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15487","reference_id":"15487","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/15487"},{"reference_url":"https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq","reference_id":"25qhfvlksozzp6j9y8ozznvjdjp3lxqq","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/"}],"url":"https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/23/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/23/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23320","reference_id":"CVE-2024-23320","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23320"},{"reference_url":"https://github.com/advisories/GHSA-rc6h-qwj9-2c53","reference_id":"GHSA-rc6h-qwj9-2c53","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rc6h-qwj9-2c53"},{"reference_url":"https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp","reference_id":"p7rwzdgrztdfps8x1bwx646f1mn0x6cp","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/"}],"url":"https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp"},{"reference_url":"https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm","reference_id":"tnf99qoc6tlnwrny4t1zk6mfszgdsokm","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/"}],"url":"https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29143?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a2gv-s3b1-23ed"},{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-mqvn-n1us-hyds"},{"vulnerability":"VCID-x5a8-m3jz-tkc4"},{"vulnerability":"VCID-xs15-qsyz-gbgk"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2024-23320","GHSA-rc6h-qwj9-2c53"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkj3-3m9g-v7eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132960?format=json","vulnerability_id":"VCID-kznh-5jy7-zbdp","summary":"Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.\n\nThis issue affects Apache DolphinScheduler: before 3.2.0.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49250","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38213","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38225","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38238","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38036","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49250"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/20/1","reference_id":"1","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/20/1"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15288","reference_id":"15288","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/15288"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49250","reference_id":"CVE-2023-49250","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49250"},{"reference_url":"https://github.com/advisories/GHSA-37gx-jqx9-fwmg","reference_id":"GHSA-37gx-jqx9-fwmg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-37gx-jqx9-fwmg"},{"reference_url":"https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn","reference_id":"wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/"}],"url":"https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29143?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a2gv-s3b1-23ed"},{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-mqvn-n1us-hyds"},{"vulnerability":"VCID-x5a8-m3jz-tkc4"},{"vulnerability":"VCID-xs15-qsyz-gbgk"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2023-49250","GHSA-37gx-jqx9-fwmg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kznh-5jy7-zbdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31986?format=json","vulnerability_id":"VCID-m2sy-k3dv-ebfn","summary":"Incorrect Default Permissions vulnerability in Apache DolphinScheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2.\n\nUsers are recommended to upgrade to version 3.3.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43166","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37042","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37054","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36864","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.3707","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43166"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43166","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43166"},{"reference_url":"https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk","reference_id":"8zd69zkkx55qp365xp4tml1xh9og5lhk","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-03T13:44:48Z/"}],"url":"https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk"},{"reference_url":"https://github.com/advisories/GHSA-rrpj-r8h7-rm7r","reference_id":"GHSA-rrpj-r8h7-rm7r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rrpj-r8h7-rm7r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373723?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1"}],"aliases":["CVE-2024-43166","GHSA-rrpj-r8h7-rm7r"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2sy-k3dv-ebfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48414?format=json","vulnerability_id":"VCID-mqvn-n1us-hyds","summary":"Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29831","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49744","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49731","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.57135","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.57015","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29831"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/08/09/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/08/09/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29831","reference_id":"CVE-2024-29831","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29831"},{"reference_url":"https://github.com/advisories/GHSA-m9q4-p56m-mc6q","reference_id":"GHSA-m9q4-p56m-mc6q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9q4-p56m-mc6q"},{"reference_url":"https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0","reference_id":"x1ch0x5om3srtbnp7rtsvdszho3mdrq0","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-12T15:05:34Z/"}],"url":"https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32965?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/734594?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-x5a8-m3jz-tkc4"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha"}],"aliases":["CVE-2024-29831","GHSA-m9q4-p56m-mc6q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqvn-n1us-hyds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357528?format=json","vulnerability_id":"VCID-quhn-8q8z-6keg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49068","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36676","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36855","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3688","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36868","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49068"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15192","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/pull/15192"},{"reference_url":"https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49068","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49068"},{"reference_url":"https://github.com/advisories/GHSA-c6cg-73p3-973h","reference_id":"GHSA-c6cg-73p3-973h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6cg-73p3-973h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29143?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a2gv-s3b1-23ed"},{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-mqvn-n1us-hyds"},{"vulnerability":"VCID-x5a8-m3jz-tkc4"},{"vulnerability":"VCID-xs15-qsyz-gbgk"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2023-49068","GHSA-c6cg-73p3-973h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-quhn-8q8z-6keg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133180?format=json","vulnerability_id":"VCID-x9k8-7n11-ybg1","summary":"Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.\n\nUsers are recommended to upgrade to version 3.1.9, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49299","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69835","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69847","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69745","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6985","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49299"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15228","reference_id":"15228","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/15228"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/23/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/23/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49299","reference_id":"CVE-2023-49299","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49299"},{"reference_url":"https://github.com/advisories/GHSA-v7hg-77v9-2445","reference_id":"GHSA-v7hg-77v9-2445","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v7hg-77v9-2445"},{"reference_url":"https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm","reference_id":"tnf99qoc6tlnwrny4t1zk6mfszgdsokm","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/"}],"url":"https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/394970?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n8r-zeeq-jfcu"},{"vulnerability":"VCID-79gt-bpru-tyhf"},{"vulnerability":"VCID-9q4r-z1tz-q7b8"},{"vulnerability":"VCID-a2gv-s3b1-23ed"},{"vulnerability":"VCID-c5cd-ujks-b7dr"},{"vulnerability":"VCID-kkj3-3m9g-v7eu"},{"vulnerability":"VCID-kznh-5jy7-zbdp"},{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-mqvn-n1us-hyds"},{"vulnerability":"VCID-quhn-8q8z-6keg"},{"vulnerability":"VCID-xs15-qsyz-gbgk"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9"}],"aliases":["CVE-2023-49299","GHSA-v7hg-77v9-2445"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9k8-7n11-ybg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31339?format=json","vulnerability_id":"VCID-xs15-qsyz-gbgk","summary":"Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script.\n\n\nThis issue affects Apache DolphinScheduler: before 3.2.2.\n\nUsers are recommended to upgrade to version 3.3.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43115","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27454","published_at":"2026-06-13T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27436","published_at":"2026-06-14T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27232","published_at":"2026-06-11T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27433","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43115"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43115","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43115"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/09/03/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/09/03/1"},{"reference_url":"https://github.com/advisories/GHSA-3vcp-r62v-xpvg","reference_id":"GHSA-3vcp-r62v-xpvg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vcp-r62v-xpvg"},{"reference_url":"https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj","reference_id":"qm36nrsv1vrr2j4o5q2wo75h3686hrnj","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-03T13:45:02Z/"}],"url":"https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32965?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/734594?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-x5a8-m3jz-tkc4"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha"}],"aliases":["CVE-2024-43115","GHSA-3vcp-r62v-xpvg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xs15-qsyz-gbgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66851?format=json","vulnerability_id":"VCID-zxdw-tgbb-aqdc","summary":"Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution.\n\nThis issue affects Apache DolphinScheduler versions prior to 3.4.1. \n\nUsers are recommended to upgrade to version 3.4.1, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23902","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06673","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06643","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0665","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0666","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23902"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23902","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23902"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/24/1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/24/1"},{"reference_url":"https://github.com/advisories/GHSA-72mv-wwvm-vgp5","reference_id":"GHSA-72mv-wwvm-vgp5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72mv-wwvm-vgp5"},{"reference_url":"https://lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9","reference_id":"hy4ntb2gys8150zfmnxhsd5ph0hoh7s9","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T18:25:12Z/"}],"url":"https://lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373398?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1"}],"aliases":["CVE-2026-23902","GHSA-72mv-wwvm-vgp5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxdw-tgbb-aqdc"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129144?format=json","vulnerability_id":"VCID-w6ra-9hyq-r7ew","summary":"On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25601","reference_id":"","reference_type":"","scores":[{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59997","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59988","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59877","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59985","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25601"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/12893","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/pull/12893"},{"reference_url":"https://github.com/apache/dolphinscheduler/releases/tag/3.1.2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/releases/tag/3.1.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25601","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25601"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/04/20/10","reference_id":"10","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:08:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/04/20/10"},{"reference_url":"https://lists.apache.org/thread/25g77jqczp3t8cz56hk1p65q7m6c64rf","reference_id":"25g77jqczp3t8cz56hk1p65q7m6c64rf","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:08:10Z/"}],"url":"https://lists.apache.org/thread/25g77jqczp3t8cz56hk1p65q7m6c64rf"},{"reference_url":"https://github.com/advisories/GHSA-3jxw-cv35-2mmv","reference_id":"GHSA-3jxw-cv35-2mmv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3jxw-cv35-2mmv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/393383?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n8r-zeeq-jfcu"},{"vulnerability":"VCID-79gt-bpru-tyhf"},{"vulnerability":"VCID-9q4r-z1tz-q7b8"},{"vulnerability":"VCID-a2gv-s3b1-23ed"},{"vulnerability":"VCID-c5cd-ujks-b7dr"},{"vulnerability":"VCID-kkj3-3m9g-v7eu"},{"vulnerability":"VCID-kznh-5jy7-zbdp"},{"vulnerability":"VCID-m2sy-k3dv-ebfn"},{"vulnerability":"VCID-mqvn-n1us-hyds"},{"vulnerability":"VCID-quhn-8q8z-6keg"},{"vulnerability":"VCID-x9k8-7n11-ybg1"},{"vulnerability":"VCID-xs15-qsyz-gbgk"},{"vulnerability":"VCID-zxdw-tgbb-aqdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.2"}],"aliases":["CVE-2023-25601","GHSA-3jxw-cv35-2mmv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6ra-9hyq-r7ew"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.2"}