Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.dolphinscheduler/dolphinscheduler-master@3.1.8
Typemaven
Namespaceorg.apache.dolphinscheduler
Namedolphinscheduler-master
Version3.1.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.2.1
Latest_non_vulnerable_version3.2.1
Affected_by_vulnerabilities
0
url VCID-kkj3-3m9g-v7eu
vulnerability_id VCID-kkj3-3m9g-v7eu
summary 
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.

This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.

This issue affects Apache DolphinScheduler: until 3.2.1.

Users are recommended to upgrade to version 3.2.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23320
reference_id
reference_type
scores
0
value 0.00737
scoring_system epss
scoring_elements 0.73295
published_at 2026-06-11T12:55:00Z
1
value 0.00737
scoring_system epss
scoring_elements 0.73387
published_at 2026-06-13T12:55:00Z
2
value 0.00737
scoring_system epss
scoring_elements 0.73372
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23320
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c
3
reference_url https://github.com/apache/dolphinscheduler/pull/15487
reference_id 15487
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/
url https://github.com/apache/dolphinscheduler/pull/15487
4
reference_url https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq
reference_id 25qhfvlksozzp6j9y8ozznvjdjp3lxqq
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/
url https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq
5
reference_url http://www.openwall.com/lists/oss-security/2024/02/23/3
reference_id 3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/
url http://www.openwall.com/lists/oss-security/2024/02/23/3
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23320
reference_id CVE-2024-23320
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23320
7
reference_url https://github.com/advisories/GHSA-rc6h-qwj9-2c53
reference_id GHSA-rc6h-qwj9-2c53
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rc6h-qwj9-2c53
8
reference_url https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp
reference_id p7rwzdgrztdfps8x1bwx646f1mn0x6cp
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/
url https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp
9
reference_url https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
reference_id tnf99qoc6tlnwrny4t1zk6mfszgdsokm
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/
url https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-master@3.2.1
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-master@3.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-master@3.2.1
aliases CVE-2024-23320, GHSA-rc6h-qwj9-2c53
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkj3-3m9g-v7eu
1
url VCID-x9k8-7n11-ybg1
vulnerability_id VCID-x9k8-7n11-ybg1
summary 
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.

Users are recommended to upgrade to version 3.1.9, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49299
reference_id
reference_type
scores
0
value 0.00593
scoring_system epss
scoring_elements 0.69745
published_at 2026-06-11T12:55:00Z
1
value 0.00593
scoring_system epss
scoring_elements 0.6985
published_at 2026-06-13T12:55:00Z
2
value 0.00593
scoring_system epss
scoring_elements 0.69835
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49299
1
reference_url https://github.com/apache/dolphinscheduler
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler
2
reference_url https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2
3
reference_url https://github.com/apache/dolphinscheduler/pull/15228
reference_id 15228
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/
url https://github.com/apache/dolphinscheduler/pull/15228
4
reference_url http://www.openwall.com/lists/oss-security/2024/02/23/3
reference_id 3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/
url http://www.openwall.com/lists/oss-security/2024/02/23/3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49299
reference_id CVE-2023-49299
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49299
6
reference_url https://github.com/advisories/GHSA-v7hg-77v9-2445
reference_id GHSA-v7hg-77v9-2445
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v7hg-77v9-2445
7
reference_url https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
reference_id tnf99qoc6tlnwrny4t1zk6mfszgdsokm
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/
url https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
fixed_packages
0
url pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-master@3.1.9
purl pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-master@3.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kkj3-3m9g-v7eu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-master@3.1.9
aliases CVE-2023-49299, GHSA-v7hg-77v9-2445
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9k8-7n11-ybg1
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-master@3.1.8