org.apache.dolphinscheduler:dolphinscheduler-api
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.dolphinscheduler:dolphinscheduler-api (page 1 of 1)
- CVE-2020-13922 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.3.2 | 2021-01-11
vulnerable: 1.2.0, 1.2.1, 1.3.0, 1.3.1
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.
- CVE-2023-25601 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 3.1.2 | 2023-04-20
vulnerable: 3.0.0 ... 3.1.1 (9 versions)
On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For u…
- CVE-2023-49068 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.2.1 | 2023-11-27
vulnerable: 1.2.0 ... 3.2.0 (42 versions)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the…
- CVE-2023-49620 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 3.1.0 | 2023-11-30
vulnerable: 1.2.0 ... 3.0.6 (31 versions)
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this iss…