PyPI package
apache-dolphinscheduler
pkg:pypi/apache-dolphinscheduler
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-48796 | — | >= 3.0.0, < 3.0.2 | 3.0.2 | Nov 24, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment var | ||
| CVE-2022-25598 | — | < 2.0.5 | 2.0.5 | Mar 30, 2022 | Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. |
- CVE-2023-48796Nov 24, 2023affected >= 3.0.0, < 3.0.2fixed 3.0.2
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment var
- CVE-2022-25598Mar 30, 2022affected < 2.0.5fixed 2.0.5
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.