{"url":"http://public2.vulnerablecode.io/api/packages/79382?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.2.1","type":"maven","namespace":"org.apache.dolphinscheduler","name":"dolphinscheduler","version":"1.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.4.1","latest_non_vulnerable_version":"3.4.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46519?format=json","vulnerability_id":"VCID-6nzs-31fa-vudc","summary":"Missing Authorization\nBefore DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49620","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56432","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56444","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56438","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49620"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/commit/a4948f58e671ab263060da1de255af3ecd2530ac","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/commit/a4948f58e671ab263060da1de255af3ecd2530ac"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/10307","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/pull/10307"},{"reference_url":"https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/30/4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/30/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49620","reference_id":"CVE-2023-49620","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49620"},{"reference_url":"https://github.com/advisories/GHSA-r44q-98gx-pmh2","reference_id":"GHSA-r44q-98gx-pmh2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r44q-98gx-pmh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67983?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ra7-3xzm-jbgt"},{"vulnerability":"VCID-9499-ush9-ayhh"},{"vulnerability":"VCID-9nf3-ytdq-hfcu"},{"vulnerability":"VCID-a9cw-q6g7-t3d6"},{"vulnerability":"VCID-aer3-3j27-gqaa"},{"vulnerability":"VCID-bqnz-n1hj-r3gx"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-m8pu-577g-4qe5"},{"vulnerability":"VCID-p7d8-kg27-nbee"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-t29h-zzxt-hbbk"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zqv8-jxsz-pqgf"},{"vulnerability":"VCID-zx11-jxkm-bycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.0"}],"aliases":["CVE-2023-49620","GHSA-r44q-98gx-pmh2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6nzs-31fa-vudc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47111?format=json","vulnerability_id":"VCID-9499-ush9-ayhh","summary":"Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users\nImproper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server.\n\nThis issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.\n\nThis issue affects Apache DolphinScheduler: until 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23320","reference_id":"","reference_type":"","scores":[{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73235","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73253","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73247","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23320"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/commit/ef9ed3db55cb1647886b06c2b2c6a5cfcdccfb5c"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15487","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/15487"},{"reference_url":"https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/"}],"url":"https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq"},{"reference_url":"https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/"}],"url":"https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp"},{"reference_url":"https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/"}],"url":"https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/23/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:27:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/23/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23320","reference_id":"CVE-2024-23320","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23320"},{"reference_url":"https://github.com/advisories/GHSA-rc6h-qwj9-2c53","reference_id":"GHSA-rc6h-qwj9-2c53","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rc6h-qwj9-2c53"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67898?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5p5x-ajpc-37fs"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zqv8-jxsz-pqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2024-23320","GHSA-rc6h-qwj9-2c53"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9499-ush9-ayhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46760?format=json","vulnerability_id":"VCID-a9cw-q6g7-t3d6","summary":"Apache DolphinScheduler: Arbitrary js execute as root for authenticated users\nImproper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.\n\nUsers are recommended to upgrade to version 3.1.9, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49299","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69678","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69688","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6968","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49299"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15228","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/15228"},{"reference_url":"https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/"}],"url":"https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/23/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-26T20:21:55Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/23/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49299","reference_id":"CVE-2023-49299","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49299"},{"reference_url":"https://github.com/advisories/GHSA-v7hg-77v9-2445","reference_id":"GHSA-v7hg-77v9-2445","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v7hg-77v9-2445"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68394?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9499-ush9-ayhh"},{"vulnerability":"VCID-aer3-3j27-gqaa"},{"vulnerability":"VCID-bqnz-n1hj-r3gx"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-m8pu-577g-4qe5"},{"vulnerability":"VCID-p7d8-kg27-nbee"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-t29h-zzxt-hbbk"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zqv8-jxsz-pqgf"},{"vulnerability":"VCID-zx11-jxkm-bycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.1.9"}],"aliases":["CVE-2023-49299","GHSA-v7hg-77v9-2445"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9cw-q6g7-t3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47051?format=json","vulnerability_id":"VCID-aer3-3j27-gqaa","summary":"Insufficient Session Expiration\nSession Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50270","reference_id":"","reference_type":"","scores":[{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77825","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77818","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77815","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50270"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15219","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/15219"},{"reference_url":"https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/"}],"url":"https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6"},{"reference_url":"https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/"}],"url":"https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/02/20/3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T17:07:02Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/02/20/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/20/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/02/20/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50270","reference_id":"CVE-2023-50270","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50270"},{"reference_url":"https://github.com/advisories/GHSA-vjqc-g788-f378","reference_id":"GHSA-vjqc-g788-f378","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vjqc-g788-f378"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67898?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5p5x-ajpc-37fs"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zqv8-jxsz-pqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2023-50270","GHSA-vjqc-g788-f378"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aer3-3j27-gqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47053?format=json","vulnerability_id":"VCID-bqnz-n1hj-r3gx","summary":"Improper Certificate Validation in Apache DolphinScheduler\nBecause the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49250","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38036","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38007","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38039","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49250"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15288","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/15288"},{"reference_url":"https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/"}],"url":"https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/20/1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:17:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/20/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49250","reference_id":"CVE-2023-49250","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49250"},{"reference_url":"https://github.com/advisories/GHSA-37gx-jqx9-fwmg","reference_id":"GHSA-37gx-jqx9-fwmg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-37gx-jqx9-fwmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67898?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5p5x-ajpc-37fs"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zqv8-jxsz-pqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2023-49250","GHSA-37gx-jqx9-fwmg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqnz-n1hj-r3gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41652?format=json","vulnerability_id":"VCID-dk6a-gdh4-2fbj","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nIn Apache DolphinScheduler authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27644","reference_id":"","reference_type":"","scores":[{"value":"0.0116","scoring_system":"epss","scoring_elements":"0.78957","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0116","scoring_system":"epss","scoring_elements":"0.78954","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0116","scoring_system":"epss","scoring_elements":"0.78963","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0116","scoring_system":"epss","scoring_elements":"0.7893","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27644"},{"reference_url":"https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6@%3Cdev.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6@%3Cdev.dolphinscheduler.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/01/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/11/01/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27644","reference_id":"CVE-2021-27644","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27644"},{"reference_url":"https://github.com/advisories/GHSA-93g4-3phc-g4xw","reference_id":"GHSA-93g4-3phc-g4xw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93g4-3phc-g4xw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59437?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6nzs-31fa-vudc"},{"vulnerability":"VCID-9499-ush9-ayhh"},{"vulnerability":"VCID-a9cw-q6g7-t3d6"},{"vulnerability":"VCID-aer3-3j27-gqaa"},{"vulnerability":"VCID-bqnz-n1hj-r3gx"},{"vulnerability":"VCID-dkpw-agff-ebcv"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-p7d8-kg27-nbee"},{"vulnerability":"VCID-pb5n-s8tt-ykeb"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-t6hf-upum-fket"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-yc2s-jxa6-8ua9"},{"vulnerability":"VCID-z8sf-946n-kkgv"},{"vulnerability":"VCID-zx11-jxkm-bycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.6"}],"aliases":["CVE-2021-27644","GHSA-93g4-3phc-g4xw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dk6a-gdh4-2fbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108759?format=json","vulnerability_id":"VCID-dkpw-agff-ebcv","summary":"Apache DolphinScheduler vulnerable to Path Traversal\nUsers can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26884","reference_id":"","reference_type":"","scores":[{"value":"0.01609","scoring_system":"epss","scoring_elements":"0.8209","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01609","scoring_system":"epss","scoring_elements":"0.82123","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01609","scoring_system":"epss","scoring_elements":"0.8212","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26884"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/releases/tag/2.0.6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/releases/tag/2.0.6"},{"reference_url":"https://lists.apache.org/thread/xfdst5y4hnrm2ntmc5jzrgmw2htyyb9c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:36:21Z/"}],"url":"https://lists.apache.org/thread/xfdst5y4hnrm2ntmc5jzrgmw2htyyb9c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26884","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26884"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/10/28/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:36:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/10/28/2"},{"reference_url":"https://github.com/advisories/GHSA-vpgf-fgm8-gxr2","reference_id":"GHSA-vpgf-fgm8-gxr2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vpgf-fgm8-gxr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144513?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6nzs-31fa-vudc"},{"vulnerability":"VCID-9499-ush9-ayhh"},{"vulnerability":"VCID-a9cw-q6g7-t3d6"},{"vulnerability":"VCID-aer3-3j27-gqaa"},{"vulnerability":"VCID-bqnz-n1hj-r3gx"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-p7d8-kg27-nbee"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-t6hf-upum-fket"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zx11-jxkm-bycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6"}],"aliases":["CVE-2022-26884","GHSA-vpgf-fgm8-gxr2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkpw-agff-ebcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58138?format=json","vulnerability_id":"VCID-kw72-g6v7-7fgk","summary":"Apache DolphinScheduler vulnerable to Alert Script Attack\nImproper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script.\n\n\nThis issue affects Apache DolphinScheduler: before 3.2.2.\n\nUsers are recommended to upgrade to version 3.3.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43115","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27326","published_at":"2026-06-05T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27235","published_at":"2026-06-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27275","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43115"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-03T13:45:02Z/"}],"url":"https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/09/03/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/09/03/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43115","reference_id":"CVE-2024-43115","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43115"},{"reference_url":"https://github.com/advisories/GHSA-3vcp-r62v-xpvg","reference_id":"GHSA-3vcp-r62v-xpvg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3vcp-r62v-xpvg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82388?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/756455?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5p5x-ajpc-37fs"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-vcek-m7ex-a7hm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha"}],"aliases":["CVE-2024-43115","GHSA-3vcp-r62v-xpvg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kw72-g6v7-7fgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47069?format=json","vulnerability_id":"VCID-p7d8-kg27-nbee","summary":"Arbitrary File Read Vulnerability in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1.\n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51770","reference_id":"","reference_type":"","scores":[{"value":"0.01343","scoring_system":"epss","scoring_elements":"0.80399","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01343","scoring_system":"epss","scoring_elements":"0.80396","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51770"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15433","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/"}],"url":"https://github.com/apache/dolphinscheduler/pull/15433"},{"reference_url":"https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/"}],"url":"https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g"},{"reference_url":"https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/"}],"url":"https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/20/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:29:47Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/20/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51770","reference_id":"CVE-2023-51770","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51770"},{"reference_url":"https://github.com/advisories/GHSA-ff2w-wm48-jhqj","reference_id":"GHSA-ff2w-wm48-jhqj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ff2w-wm48-jhqj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67898?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5p5x-ajpc-37fs"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zqv8-jxsz-pqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2023-51770","GHSA-ff2w-wm48-jhqj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7d8-kg27-nbee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110170?format=json","vulnerability_id":"VCID-pb5n-s8tt-ykeb","summary":"Apache Dolphin Scheduler has insufficiently protected credentials\nWhen using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26885","reference_id":"","reference_type":"","scores":[{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71471","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71498","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71522","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71515","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26885"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/releases/tag/2.0.6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/releases/tag/2.0.6"},{"reference_url":"https://lists.apache.org/thread/z7084r9cs2r26cszkkgjqpb5bhnxqssp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T18:17:28Z/"}],"url":"https://lists.apache.org/thread/z7084r9cs2r26cszkkgjqpb5bhnxqssp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26885","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26885"},{"reference_url":"https://github.com/advisories/GHSA-jvc3-wjf6-7c6c","reference_id":"GHSA-jvc3-wjf6-7c6c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvc3-wjf6-7c6c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144513?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6nzs-31fa-vudc"},{"vulnerability":"VCID-9499-ush9-ayhh"},{"vulnerability":"VCID-a9cw-q6g7-t3d6"},{"vulnerability":"VCID-aer3-3j27-gqaa"},{"vulnerability":"VCID-bqnz-n1hj-r3gx"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-p7d8-kg27-nbee"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-t6hf-upum-fket"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zx11-jxkm-bycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6"}],"aliases":["CVE-2022-26885","GHSA-jvc3-wjf6-7c6c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pb5n-s8tt-ykeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55670?format=json","vulnerability_id":"VCID-pnp9-9m41-jqdh","summary":"Apache DolphinScheduler: RCE by arbitrary js execution\nImproper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29831","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56939","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56951","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56943","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29831"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-12T15:05:34Z/"}],"url":"https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/08/09/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/08/09/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29831","reference_id":"CVE-2024-29831","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29831"},{"reference_url":"https://github.com/advisories/GHSA-m9q4-p56m-mc6q","reference_id":"GHSA-m9q4-p56m-mc6q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9q4-p56m-mc6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82388?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/756455?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5p5x-ajpc-37fs"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-vcek-m7ex-a7hm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.0-alpha"}],"aliases":["CVE-2024-29831","GHSA-m9q4-p56m-mc6q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnp9-9m41-jqdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35706?format=json","vulnerability_id":"VCID-rd8x-n14v-a3g5","summary":"Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13922","reference_id":"","reference_type":"","scores":[{"value":"0.00831","scoring_system":"epss","scoring_elements":"0.74919","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00831","scoring_system":"epss","scoring_elements":"0.74944","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00831","scoring_system":"epss","scoring_elements":"0.74952","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00831","scoring_system":"epss","scoring_elements":"0.74948","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13922"},{"reference_url":"https://github.com/apache/incubator-dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/incubator-dolphinscheduler"},{"reference_url":"https://github.com/apache/incubator-dolphinscheduler/commit/b8a9e2e00f2f207ae60c913a7173b59405ff95f1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/incubator-dolphinscheduler/commit/b8a9e2e00f2f207ae60c913a7173b59405ff95f1"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml"},{"reference_url":"https://www.mail-archive.com/announce%40apache.org/msg06076.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mail-archive.com/announce%40apache.org/msg06076.html"},{"reference_url":"https://www.mail-archive.com/announce@apache.org/msg06076.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mail-archive.com/announce@apache.org/msg06076.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13922","reference_id":"CVE-2020-13922","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13922"},{"reference_url":"https://github.com/advisories/GHSA-qhh5-9738-g9mx","reference_id":"GHSA-qhh5-9738-g9mx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qhh5-9738-g9mx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79460?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6nzs-31fa-vudc"},{"vulnerability":"VCID-9499-ush9-ayhh"},{"vulnerability":"VCID-a9cw-q6g7-t3d6"},{"vulnerability":"VCID-aer3-3j27-gqaa"},{"vulnerability":"VCID-bqnz-n1hj-r3gx"},{"vulnerability":"VCID-dk6a-gdh4-2fbj"},{"vulnerability":"VCID-dkpw-agff-ebcv"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-p7d8-kg27-nbee"},{"vulnerability":"VCID-pb5n-s8tt-ykeb"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-t6hf-upum-fket"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-yc2s-jxa6-8ua9"},{"vulnerability":"VCID-z8sf-946n-kkgv"},{"vulnerability":"VCID-zx11-jxkm-bycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.2"}],"aliases":["CVE-2020-13922","GHSA-qhh5-9738-g9mx","PYSEC-2021-876"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rd8x-n14v-a3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89078?format=json","vulnerability_id":"VCID-rkba-ka1m-fbdq","summary":"Apache DolphinScheduler has an Incorrect Authorization Vulnerability\nIncorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution.\n\nThis issue affects Apache DolphinScheduler versions prior to 3.4.1. \n\nUsers are recommended to upgrade to version 3.4.1, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23902","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06668","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06662","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06674","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23902"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T18:25:12Z/"}],"url":"https://lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23902","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23902"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/24/1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/24/1"},{"reference_url":"https://github.com/advisories/GHSA-72mv-wwvm-vgp5","reference_id":"GHSA-72mv-wwvm-vgp5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72mv-wwvm-vgp5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110101?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.4.1"}],"aliases":["CVE-2026-23902","GHSA-72mv-wwvm-vgp5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkba-ka1m-fbdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110222?format=json","vulnerability_id":"VCID-t6hf-upum-fket","summary":"Apache DolphinScheduler vulnerable to Path Traversal\nWhen users add resources to the resource center with a relation path, this vulnerability will cause path traversal issues for logged-in users. Users should upgrade to version 3.0.0 to avoid this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34662","reference_id":"","reference_type":"","scores":[{"value":"0.01049","scoring_system":"epss","scoring_elements":"0.77867","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01049","scoring_system":"epss","scoring_elements":"0.77891","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01049","scoring_system":"epss","scoring_elements":"0.77901","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01049","scoring_system":"epss","scoring_elements":"0.77894","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34662"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://lists.apache.org/thread/pbdzqf9ntxyvs4cr0x2dgk9zlf43btz8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-06T03:16:38Z/"}],"url":"https://lists.apache.org/thread/pbdzqf9ntxyvs4cr0x2dgk9zlf43btz8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34662","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34662"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/13","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-06T03:16:38Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/13"},{"reference_url":"https://github.com/advisories/GHSA-fp35-xrrr-3gph","reference_id":"GHSA-fp35-xrrr-3gph","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fp35-xrrr-3gph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64857?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ra7-3xzm-jbgt"},{"vulnerability":"VCID-6nzs-31fa-vudc"},{"vulnerability":"VCID-9499-ush9-ayhh"},{"vulnerability":"VCID-a9cw-q6g7-t3d6"},{"vulnerability":"VCID-aer3-3j27-gqaa"},{"vulnerability":"VCID-bqnz-n1hj-r3gx"},{"vulnerability":"VCID-bzfg-r7ht-f3bb"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-p7d8-kg27-nbee"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-t29h-zzxt-hbbk"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zx11-jxkm-bycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.0.0"}],"aliases":["CVE-2022-34662","GHSA-fp35-xrrr-3gph"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t6hf-upum-fket"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53901?format=json","vulnerability_id":"VCID-tc37-6huh-v7gs","summary":"Code Execution\nIn DolphinScheduler, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11974","reference_id":"","reference_type":"","scores":[{"value":"0.11349","scoring_system":"epss","scoring_elements":"0.93684","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11349","scoring_system":"epss","scoring_elements":"0.93693","published_at":"2026-06-07T12:55:00Z"},{"value":"0.11349","scoring_system":"epss","scoring_elements":"0.93694","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11974"},{"reference_url":"https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb@%3Ccommits.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb@%3Ccommits.dolphinscheduler.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb%40%3Ccommits.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a@%3Ccommits.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a@%3Ccommits.dolphinscheduler.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a%40%3Ccommits.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d@%3Ccommits.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d@%3Ccommits.dolphinscheduler.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d%40%3Ccommits.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11@%3Ccommits.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11@%3Ccommits.dolphinscheduler.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11%40%3Ccommits.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11%40%3Ccommits.dolphinscheduler.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/09/8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/04/09/8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11974","reference_id":"CVE-2020-11974","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11974"},{"reference_url":"https://github.com/advisories/GHSA-jpj4-5xwp-cv23","reference_id":"GHSA-jpj4-5xwp-cv23","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jpj4-5xwp-cv23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79383?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6nzs-31fa-vudc"},{"vulnerability":"VCID-9499-ush9-ayhh"},{"vulnerability":"VCID-a9cw-q6g7-t3d6"},{"vulnerability":"VCID-aer3-3j27-gqaa"},{"vulnerability":"VCID-bqnz-n1hj-r3gx"},{"vulnerability":"VCID-dk6a-gdh4-2fbj"},{"vulnerability":"VCID-dkpw-agff-ebcv"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-p7d8-kg27-nbee"},{"vulnerability":"VCID-pb5n-s8tt-ykeb"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rd8x-n14v-a3g5"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-t6hf-upum-fket"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-yc2s-jxa6-8ua9"},{"vulnerability":"VCID-z8sf-946n-kkgv"},{"vulnerability":"VCID-zx11-jxkm-bycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.3.0"}],"aliases":["CVE-2020-11974","GHSA-jpj4-5xwp-cv23"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc37-6huh-v7gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58046?format=json","vulnerability_id":"VCID-vcek-m7ex-a7hm","summary":"Apache DolphinScheduler Incorrect Default Permissions Vulnerability\nIncorrect Default Permissions vulnerability in Apache DolphinScheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2.\n\nUsers are recommended to upgrade to version 3.3.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43166","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36876","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36841","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.3687","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43166"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-03T13:44:48Z/"}],"url":"https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43166","reference_id":"CVE-2024-43166","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43166"},{"reference_url":"https://github.com/advisories/GHSA-rrpj-r8h7-rm7r","reference_id":"GHSA-rrpj-r8h7-rm7r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rrpj-r8h7-rm7r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86353?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rkba-ka1m-fbdq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.3.1"}],"aliases":["CVE-2024-43166","GHSA-rrpj-r8h7-rm7r"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vcek-m7ex-a7hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36072?format=json","vulnerability_id":"VCID-yc2s-jxa6-8ua9","summary":"Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25598","reference_id":"","reference_type":"","scores":[{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78636","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78662","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78671","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78663","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25598"},{"reference_url":"https://github.com/advisories/GHSA-qg5x-66hp-cw5p","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qg5x-66hp-cw5p"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml"},{"reference_url":"https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25598","reference_id":"CVE-2022-25598","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25598"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61166?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6nzs-31fa-vudc"},{"vulnerability":"VCID-9499-ush9-ayhh"},{"vulnerability":"VCID-a9cw-q6g7-t3d6"},{"vulnerability":"VCID-aer3-3j27-gqaa"},{"vulnerability":"VCID-bqnz-n1hj-r3gx"},{"vulnerability":"VCID-dkpw-agff-ebcv"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-p7d8-kg27-nbee"},{"vulnerability":"VCID-pb5n-s8tt-ykeb"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-t6hf-upum-fket"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-z8sf-946n-kkgv"},{"vulnerability":"VCID-zx11-jxkm-bycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.5"}],"aliases":["CVE-2022-25598","GHSA-qg5x-66hp-cw5p","PYSEC-2022-176"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yc2s-jxa6-8ua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110220?format=json","vulnerability_id":"VCID-z8sf-946n-kkgv","summary":"Command injection in Apache DolphinScheduler Alert Plugins\nAlarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45462","reference_id":"","reference_type":"","scores":[{"value":"0.21258","scoring_system":"epss","scoring_elements":"0.95787","published_at":"2026-06-04T12:55:00Z"},{"value":"0.21258","scoring_system":"epss","scoring_elements":"0.95796","published_at":"2026-06-07T12:55:00Z"},{"value":"0.21258","scoring_system":"epss","scoring_elements":"0.95795","published_at":"2026-06-06T12:55:00Z"},{"value":"0.21258","scoring_system":"epss","scoring_elements":"0.95792","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45462"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/10744","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/pull/10744"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/9834","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/pull/9834"},{"reference_url":"https://lists.apache.org/thread/2f126y32bf1v3mvxkdgt2jr5j3l1t01w","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-25T19:08:28Z/"}],"url":"https://lists.apache.org/thread/2f126y32bf1v3mvxkdgt2jr5j3l1t01w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45462","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45462"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/23/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-25T19:08:28Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/23/1"},{"reference_url":"https://github.com/advisories/GHSA-wqg7-mx6p-2rw3","reference_id":"GHSA-wqg7-mx6p-2rw3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wqg7-mx6p-2rw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144513?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6nzs-31fa-vudc"},{"vulnerability":"VCID-9499-ush9-ayhh"},{"vulnerability":"VCID-a9cw-q6g7-t3d6"},{"vulnerability":"VCID-aer3-3j27-gqaa"},{"vulnerability":"VCID-bqnz-n1hj-r3gx"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-p7d8-kg27-nbee"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-t6hf-upum-fket"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zx11-jxkm-bycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@2.0.6"}],"aliases":["CVE-2022-45462","GHSA-wqg7-mx6p-2rw3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8sf-946n-kkgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46479?format=json","vulnerability_id":"VCID-zx11-jxkm-bycp","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49068","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.3668","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36652","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36688","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49068"},{"reference_url":"https://github.com/apache/dolphinscheduler","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler"},{"reference_url":"https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134"},{"reference_url":"https://github.com/apache/dolphinscheduler/pull/15192","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/dolphinscheduler/pull/15192"},{"reference_url":"https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49068","reference_id":"CVE-2023-49068","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49068"},{"reference_url":"https://github.com/advisories/GHSA-c6cg-73p3-973h","reference_id":"GHSA-c6cg-73p3-973h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6cg-73p3-973h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67898?format=json","purl":"pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5p5x-ajpc-37fs"},{"vulnerability":"VCID-kw72-g6v7-7fgk"},{"vulnerability":"VCID-pnp9-9m41-jqdh"},{"vulnerability":"VCID-rkba-ka1m-fbdq"},{"vulnerability":"VCID-vcek-m7ex-a7hm"},{"vulnerability":"VCID-zqv8-jxsz-pqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@3.2.1"}],"aliases":["CVE-2023-49068","GHSA-c6cg-73p3-973h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zx11-jxkm-bycp"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dolphinscheduler/dolphinscheduler@1.2.1"}