Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.3
Type maven
Namespace org.apache.dolphinscheduler
Name dolphinscheduler
Version 3.1.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.4.1
Latest_non_vulnerable_version 3.4.1
Affected_by_vulnerabilities
0
url VCID-2n8r-zeeq-jfcu
vulnerability_id VCID-2n8r-zeeq-jfcu
summary
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler.

This vulnerability may allow unauthorized actors to access sensitive information, including database credentials.

This issue affects Apache DolphinScheduler versions 3.1.*.

Users are recommended to upgrade to:

  * version ≥ 3.2.0 if using 3.1.x

As a temporary workaround, users who cannot upgrade immediately may restrict the exposed management endpoints by setting the following environment variable:


```
MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus
```

Alternatively, add the following configuration to the application.yaml file:


```
management:
  endpoints:
    web:
      exposure:
        include: health,metrics,prometheus
```

This issue has been reported as CVE-2023-48796:

 https://cveprocess.apache.org/cve5/CVE-2023-48796
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62188
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08177
published_at 2026-06-12T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.08171
published_at 2026-06-14T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.08173
published_at 2026-06-13T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.0814
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62188
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://github.com/apache/dolphinscheduler/releases/tag/3.0.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler/releases/tag/3.0.2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62188
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62188
4
reference_url https://www.cve.org/CVERecord?id=CVE-2023-48796
reference_id CVERecord?id=CVE-2023-48796
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:57:14Z/
url https://www.cve.org/CVERecord?id=CVE-2023-48796
5
reference_url https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo
reference_id ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:57:14Z/
url https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo
6
reference_url https://github.com/advisories/GHSA-3cjc-vhfm-ffp2
reference_id GHSA-3cjc-vhfm-ffp2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3cjc-vhfm-ffp2
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.0
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79gt-bpru-tyhf
1
vulnerability VCID-9q4r-z1tz-q7b8
2
vulnerability VCID-a2gv-s3b1-23ed
3
vulnerability VCID-c5cd-ujks-b7dr
4
vulnerability VCID-kkj3-3m9g-v7eu
5
vulnerability VCID-kznh-5jy7-zbdp
6
vulnerability VCID-m2sy-k3dv-ebfn
7
vulnerability VCID-mqvn-n1us-hyds
8
vulnerability VCID-quhn-8q8z-6keg
9
vulnerability VCID-x5a8-m3jz-tkc4
10
vulnerability VCID-xs15-qsyz-gbgk
11
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.0
aliases CVE-2025-62188, GHSA-3cjc-vhfm-ffp2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2n8r-zeeq-jfcu
1
url VCID-79gt-bpru-tyhf
vulnerability_id VCID-79gt-bpru-tyhf
summary
Session fixation in Apache DolphinScheduler before version 3.2.0: a session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50270
reference_id
reference_type
scores
0
value 0.01042
scoring_system epss
scoring_elements 0.77941
published_at 2026-06-14T12:55:00Z
1
value 0.01042
scoring_system epss
scoring_elements 0.77947
published_at 2026-06-13T12:55:00Z
2
value 0.01042
scoring_system epss
scoring_elements 0.77934
published_at 2026-06-12T12:55:00Z
3
value 0.01042
scoring_system epss
scoring_elements 0.77865
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50270
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url http://www.openwall.com/lists/oss-security/2024/02/20/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/02/20/3
3
reference_url https://github.com/apache/dolphinscheduler/pull/15219
reference_id 15219
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/
url https://github.com/apache/dolphinscheduler/pull/15219
4
reference_url https://www.openwall.com/lists/oss-security/2024/02/20/3
reference_id 3
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/
url https://www.openwall.com/lists/oss-security/2024/02/20/3
5
reference_url https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
reference_id 94prw8hyk60vvw7s6cs3tr708qzqlwl6
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/
url https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50270
reference_id CVE-2023-50270
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50270
7
reference_url https://github.com/advisories/GHSA-vjqc-g788-f378
reference_id GHSA-vjqc-g788-f378
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vjqc-g788-f378
8
reference_url https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
reference_id lmnf21obyos920dnvbfpwq29c1sd2r9r
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/
url https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2gv-s3b1-23ed
1
vulnerability VCID-m2sy-k3dv-ebfn
2
vulnerability VCID-mqvn-n1us-hyds
3
vulnerability VCID-x5a8-m3jz-tkc4
4
vulnerability VCID-xs15-qsyz-gbgk
5
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
aliases CVE-2023-50270, GHSA-vjqc-g788-f378
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79gt-bpru-tyhf
2
url VCID-9q4r-z1tz-q7b8
vulnerability_id VCID-9q4r-z1tz-q7b8
summary
Arbitrary File Read Vulnerability in Apache Dolphinscheduler.

This issue affects Apache DolphinScheduler: before 3.2.1. 

We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-51770
reference_id
reference_type
scores
0
value 0.01343
scoring_system epss
scoring_elements 0.80515
published_at 2026-06-14T12:55:00Z
1
value 0.01343
scoring_system epss
scoring_elements 0.80523
published_at 2026-06-13T12:55:00Z
2
value 0.01343
scoring_system epss
scoring_elements 0.80512
published_at 2026-06-12T12:55:00Z
3
value 0.01343
scoring_system epss
scoring_elements 0.8045
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-51770
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://github.com/apache/dolphinscheduler/pull/15433
reference_id 15433
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/
url https://github.com/apache/dolphinscheduler/pull/15433
3
reference_url http://www.openwall.com/lists/oss-security/2024/02/20/2
reference_id 2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/
url http://www.openwall.com/lists/oss-security/2024/02/20/2
4
reference_url https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g
reference_id 4t8bdjqnfhldh73gy9p0whlgvnnbtn7g
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/
url https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-51770
reference_id CVE-2023-51770
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-51770
6
reference_url https://github.com/advisories/GHSA-ff2w-wm48-jhqj
reference_id GHSA-ff2w-wm48-jhqj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff2w-wm48-jhqj
7
reference_url https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw
reference_id gpks573kn00ofxn7n9gkg6o47d03p5rw
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/
url https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2gv-s3b1-23ed
1
vulnerability VCID-m2sy-k3dv-ebfn
2
vulnerability VCID-mqvn-n1us-hyds
3
vulnerability VCID-x5a8-m3jz-tkc4
4
vulnerability VCID-xs15-qsyz-gbgk
5
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
aliases CVE-2023-51770, GHSA-ff2w-wm48-jhqj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9q4r-z1tz-q7b8
3
url VCID-a2gv-s3b1-23ed
vulnerability_id VCID-a2gv-s3b1-23ed
summary
File read and write vulnerability in Apache DolphinScheduler: authenticated users can illegally access additional resource files.
This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2.

Users are recommended to upgrade to version 3.2.2, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30188
reference_id
reference_type
scores
0
value 0.88514
scoring_system epss
scoring_elements 0.99524
published_at 2026-06-11T12:55:00Z
1
value 0.88514
scoring_system epss
scoring_elements 0.99526
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30188
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30188
reference_id CVE-2024-30188
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30188
3
reference_url https://github.com/advisories/GHSA-4vv4-crw4-8pcw
reference_id GHSA-4vv4-crw4-8pcw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vv4-crw4-8pcw
4
reference_url https://lists.apache.org/thread/tbrt42mnr42bq6scxwt6bjr3s2pwyd07
reference_id tbrt42mnr42bq6scxwt6bjr3s2pwyd07
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-10T14:25:59Z/
url https://lists.apache.org/thread/tbrt42mnr42bq6scxwt6bjr3s2pwyd07
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2
1
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m2sy-k3dv-ebfn
1
vulnerability VCID-x5a8-m3jz-tkc4
2
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha
aliases CVE-2024-30188, GHSA-4vv4-crw4-8pcw
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2gv-s3b1-23ed
4
url VCID-c5cd-ujks-b7dr
vulnerability_id VCID-c5cd-ujks-b7dr
summary
Exposure of Remote Code Execution in Apache Dolphinscheduler.

This issue affects Apache DolphinScheduler: before 3.2.1. 

We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49109
reference_id
reference_type
scores
0
value 0.0712
scoring_system epss
scoring_elements 0.91762
published_at 2026-06-12T12:55:00Z
1
value 0.0712
scoring_system epss
scoring_elements 0.91767
published_at 2026-06-14T12:55:00Z
2
value 0.0712
scoring_system epss
scoring_elements 0.9177
published_at 2026-06-13T12:55:00Z
3
value 0.0712
scoring_system epss
scoring_elements 0.91734
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49109
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://github.com/apache/dolphinscheduler/pull/14991
reference_id 14991
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/
url https://github.com/apache/dolphinscheduler/pull/14991
3
reference_url http://www.openwall.com/lists/oss-security/2024/02/20/4
reference_id 4
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/
url http://www.openwall.com/lists/oss-security/2024/02/20/4
4
reference_url https://lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8
reference_id 5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/
url https://lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8
5
reference_url https://lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wmlspk0m5
reference_id 6kgsl93vtqlbdk6otttl0d8wmlspk0m5
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T15:21:40Z/
url https://lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wmlspk0m5
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49109
reference_id CVE-2023-49109
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49109
7
reference_url https://github.com/advisories/GHSA-qwxx-xww6-8q8m
reference_id GHSA-qwxx-xww6-8q8m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qwxx-xww6-8q8m
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2gv-s3b1-23ed
1
vulnerability VCID-m2sy-k3dv-ebfn
2
vulnerability VCID-mqvn-n1us-hyds
3
vulnerability VCID-x5a8-m3jz-tkc4
4
vulnerability VCID-xs15-qsyz-gbgk
5
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
aliases CVE-2023-49109, GHSA-qwxx-xww6-8q8m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5cd-ujks-b7dr
5
url VCID-kkj3-3m9g-v7eu
vulnerability_id VCID-kkj3-3m9g-v7eu
summary
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server.

This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.

This issue affects Apache DolphinScheduler: until 3.2.1.

Users are recommended to upgrade to version 3.2.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23320
reference_id
reference_type
scores
0
value 0.00737
scoring_system epss
scoring_elements 0.73295
published_at 2026-06-11T12:55:00Z
1
value 0.00737
scoring_system epss
scoring_elements 0.73385
published_at 2026-06-14T12:55:00Z
2
value 0.00737
scoring_system epss
scoring_elements 0.73387
published_at 2026-06-13T12:55:00Z
3
value 0.00737
scoring_system epss
scoring_elements 0.73372
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23320
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c
3
reference_url https://github.com/apache/dolphinscheduler/pull/15487
reference_id 15487
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/
url https://github.com/apache/dolphinscheduler/pull/15487
4
reference_url https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq
reference_id 25qhfvlksozzp6j9y8ozznvjdjp3lxqq
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/
url https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq
5
reference_url http://www.openwall.com/lists/oss-security/2024/02/23/3
reference_id 3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/
url http://www.openwall.com/lists/oss-security/2024/02/23/3
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23320
reference_id CVE-2024-23320
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23320
7
reference_url https://github.com/advisories/GHSA-rc6h-qwj9-2c53
reference_id GHSA-rc6h-qwj9-2c53
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rc6h-qwj9-2c53
8
reference_url https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp
reference_id p7rwzdgrztdfps8x1bwx646f1mn0x6cp
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/
url https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp
9
reference_url https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
reference_id tnf99qoc6tlnwrny4t1zk6mfszgdsokm
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/
url https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2gv-s3b1-23ed
1
vulnerability VCID-m2sy-k3dv-ebfn
2
vulnerability VCID-mqvn-n1us-hyds
3
vulnerability VCID-x5a8-m3jz-tkc4
4
vulnerability VCID-xs15-qsyz-gbgk
5
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
aliases CVE-2024-23320, GHSA-rc6h-qwj9-2c53
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkj3-3m9g-v7eu
6
url VCID-kznh-5jy7-zbdp
vulnerability_id VCID-kznh-5jy7-zbdp
summary
Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.

This issue affects Apache DolphinScheduler: before 3.2.0.

Users are recommended to upgrade to version 3.2.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49250
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.38213
published_at 2026-06-12T12:55:00Z
1
value 0.0017
scoring_system epss
scoring_elements 0.38225
published_at 2026-06-14T12:55:00Z
2
value 0.0017
scoring_system epss
scoring_elements 0.38238
published_at 2026-06-13T12:55:00Z
3
value 0.0017
scoring_system epss
scoring_elements 0.38036
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49250
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url http://www.openwall.com/lists/oss-security/2024/02/20/1
reference_id 1
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/
url http://www.openwall.com/lists/oss-security/2024/02/20/1
3
reference_url https://github.com/apache/dolphinscheduler/pull/15288
reference_id 15288
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/
url https://github.com/apache/dolphinscheduler/pull/15288
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49250
reference_id CVE-2023-49250
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49250
5
reference_url https://github.com/advisories/GHSA-37gx-jqx9-fwmg
reference_id GHSA-37gx-jqx9-fwmg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-37gx-jqx9-fwmg
6
reference_url https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn
reference_id wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/
url https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2gv-s3b1-23ed
1
vulnerability VCID-m2sy-k3dv-ebfn
2
vulnerability VCID-mqvn-n1us-hyds
3
vulnerability VCID-x5a8-m3jz-tkc4
4
vulnerability VCID-xs15-qsyz-gbgk
5
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
aliases CVE-2023-49250, GHSA-37gx-jqx9-fwmg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kznh-5jy7-zbdp
7
url VCID-m2sy-k3dv-ebfn
vulnerability_id VCID-m2sy-k3dv-ebfn
summary
Incorrect Default Permissions vulnerability in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.2.2.

Users are recommended to upgrade to version 3.3.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43166
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.37042
published_at 2026-06-12T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.37054
published_at 2026-06-14T12:55:00Z
2
value 0.00162
scoring_system epss
scoring_elements 0.36864
published_at 2026-06-11T12:55:00Z
3
value 0.00162
scoring_system epss
scoring_elements 0.3707
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43166
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43166
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43166
3
reference_url https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk
reference_id 8zd69zkkx55qp365xp4tml1xh9og5lhk
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-03T13:44:48Z/
url https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk
4
reference_url https://github.com/advisories/GHSA-rrpj-r8h7-rm7r
reference_id GHSA-rrpj-r8h7-rm7r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrpj-r8h7-rm7r
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1
aliases CVE-2024-43166, GHSA-rrpj-r8h7-rm7r
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2sy-k3dv-ebfn
8
url VCID-mqvn-n1us-hyds
vulnerability_id VCID-mqvn-n1us-hyds
summary Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29831
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49744
published_at 2026-06-13T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49731
published_at 2026-06-14T12:55:00Z
2
value 0.00339
scoring_system epss
scoring_elements 0.57135
published_at 2026-06-12T12:55:00Z
3
value 0.00339
scoring_system epss
scoring_elements 0.57015
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29831
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url http://www.openwall.com/lists/oss-security/2024/08/09/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/08/09/6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29831
reference_id CVE-2024-29831
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29831
4
reference_url https://github.com/advisories/GHSA-m9q4-p56m-mc6q
reference_id GHSA-m9q4-p56m-mc6q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9q4-p56m-mc6q
5
reference_url https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0
reference_id x1ch0x5om3srtbnp7rtsvdszho3mdrq0
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-12T15:05:34Z/
url https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2
1
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m2sy-k3dv-ebfn
1
vulnerability VCID-x5a8-m3jz-tkc4
2
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha
aliases CVE-2024-29831, GHSA-m9q4-p56m-mc6q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqvn-n1us-hyds
9
url VCID-quhn-8q8z-6keg
vulnerability_id VCID-quhn-8q8z-6keg
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49068
reference_id
reference_type
scores
0
value 0.0016
scoring_system epss
scoring_elements 0.36676
published_at 2026-06-11T12:55:00Z
1
value 0.0016
scoring_system epss
scoring_elements 0.36855
published_at 2026-06-12T12:55:00Z
2
value 0.0016
scoring_system epss
scoring_elements 0.3688
published_at 2026-06-13T12:55:00Z
3
value 0.0016
scoring_system epss
scoring_elements 0.36868
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49068
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134
3
reference_url https://github.com/apache/dolphinscheduler/pull/15192
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler/pull/15192
4
reference_url https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49068
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49068
6
reference_url https://github.com/advisories/GHSA-c6cg-73p3-973h
reference_id GHSA-c6cg-73p3-973h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6cg-73p3-973h
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2gv-s3b1-23ed
1
vulnerability VCID-m2sy-k3dv-ebfn
2
vulnerability VCID-mqvn-n1us-hyds
3
vulnerability VCID-x5a8-m3jz-tkc4
4
vulnerability VCID-xs15-qsyz-gbgk
5
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1
aliases CVE-2023-49068, GHSA-c6cg-73p3-973h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-quhn-8q8z-6keg
10
url VCID-x9k8-7n11-ybg1
vulnerability_id VCID-x9k8-7n11-ybg1
summary
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9.

Users are recommended to upgrade to version 3.1.9, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49299
reference_id
reference_type
scores
0
value 0.00593
scoring_system epss
scoring_elements 0.69835
published_at 2026-06-12T12:55:00Z
1
value 0.00593
scoring_system epss
scoring_elements 0.69847
published_at 2026-06-14T12:55:00Z
2
value 0.00593
scoring_system epss
scoring_elements 0.69745
published_at 2026-06-11T12:55:00Z
3
value 0.00593
scoring_system epss
scoring_elements 0.6985
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49299
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2
3
reference_url https://github.com/apache/dolphinscheduler/pull/15228
reference_id 15228
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/
url https://github.com/apache/dolphinscheduler/pull/15228
4
reference_url http://www.openwall.com/lists/oss-security/2024/02/23/3
reference_id 3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/
url http://www.openwall.com/lists/oss-security/2024/02/23/3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49299
reference_id CVE-2023-49299
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49299
6
reference_url https://github.com/advisories/GHSA-v7hg-77v9-2445
reference_id GHSA-v7hg-77v9-2445
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v7hg-77v9-2445
7
reference_url https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
reference_id tnf99qoc6tlnwrny4t1zk6mfszgdsokm
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/
url https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2n8r-zeeq-jfcu
1
vulnerability VCID-79gt-bpru-tyhf
2
vulnerability VCID-9q4r-z1tz-q7b8
3
vulnerability VCID-a2gv-s3b1-23ed
4
vulnerability VCID-c5cd-ujks-b7dr
5
vulnerability VCID-kkj3-3m9g-v7eu
6
vulnerability VCID-kznh-5jy7-zbdp
7
vulnerability VCID-m2sy-k3dv-ebfn
8
vulnerability VCID-mqvn-n1us-hyds
9
vulnerability VCID-quhn-8q8z-6keg
10
vulnerability VCID-xs15-qsyz-gbgk
11
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9
aliases CVE-2023-49299, GHSA-v7hg-77v9-2445
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9k8-7n11-ybg1
11
url VCID-xs15-qsyz-gbgk
vulnerability_id VCID-xs15-qsyz-gbgk
summary
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script on the server via the alert script.


This issue affects Apache DolphinScheduler: before 3.2.2.

Users are recommended to upgrade to version 3.3.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43115
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27454
published_at 2026-06-13T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.27436
published_at 2026-06-14T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.27232
published_at 2026-06-11T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27433
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43115
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43115
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43115
3
reference_url http://www.openwall.com/lists/oss-security/2025/09/03/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/09/03/1
4
reference_url https://github.com/advisories/GHSA-3vcp-r62v-xpvg
reference_id GHSA-3vcp-r62v-xpvg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vcp-r62v-xpvg
5
reference_url https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj
reference_id qm36nrsv1vrr2j4o5q2wo75h3686hrnj
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-03T13:45:02Z/
url https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2
1
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m2sy-k3dv-ebfn
1
vulnerability VCID-x5a8-m3jz-tkc4
2
vulnerability VCID-zxdw-tgbb-aqdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha
aliases CVE-2024-43115, GHSA-3vcp-r62v-xpvg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xs15-qsyz-gbgk
12
url VCID-zxdw-tgbb-aqdc
vulnerability_id VCID-zxdw-tgbb-aqdc
summary
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution.

This issue affects Apache DolphinScheduler versions prior to 3.4.1. 

Users are recommended to upgrade to version 3.4.1, which fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23902
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06673
published_at 2026-06-12T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06643
published_at 2026-06-14T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.0665
published_at 2026-06-11T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.0666
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23902
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23902
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23902
3
reference_url http://www.openwall.com/lists/oss-security/2026/04/24/1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/24/1
4
reference_url https://github.com/advisories/GHSA-72mv-wwvm-vgp5
reference_id GHSA-72mv-wwvm-vgp5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72mv-wwvm-vgp5
5
reference_url https://lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9
reference_id hy4ntb2gys8150zfmnxhsd5ph0hoh7s9
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T18:25:12Z/
url https://lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1
aliases CVE-2026-23902, GHSA-72mv-wwvm-vgp5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxdw-tgbb-aqdc
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.3