VYPR

PyPI package

apache-dolphinscheduler

pkg:pypi/apache-dolphinscheduler

Vulnerabilities (2)

  • CVE-2023-48796Nov 24, 2023
    affected >= 3.0.0, < 3.0.2fixed 3.0.2

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment var

  • CVE-2022-25598Mar 30, 2022
    affected < 2.0.5fixed 2.0.5

    Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.