6 matches found
org.apache.dolphinscheduler:dolphinscheduler-dist (>=3.3.2 <=3.4.0), org.apache.dolphinscheduler:dolphinscheduler-standalone-server (>=3.0.0 <=3.0.6) potentially affected by CVE-2026-23902 via org.apache.dolphinscheduler:dolphinscheduler-api (>=3.0.0-alpha <=3.4.0)
org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =3.0.0-alpha, =3.3.2, =3.0.0, =3.0.6 Source cves: CVE-2026-23902 Source advisory: SNYK:JAVA-ORGAPACHEDOLPHINSCHEDULER-16431736...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the resource file handling mechanism. An attacker can use resource API to access and modify all files in the machine even if they are not under resource path. Remediation Upgrade...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), org.apache.dolphinscheduler:dolphinscheduler-dist (>=2.0.0 <=2.0.9) +2 more potentially affected by CVE-2023-49620 via org.apache.dolphinscheduler:dolphinscheduler-api (>=1.3.9 <=3.0.6)
org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =1.3.9, =1.1.0, =2.0.0, =2.0.2, =1.3.9, =3.0.6 Source cves: CVE-2023-49620 Source advisory: OSV:GHSA-R44Q-98GX-PMH2...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), org.apache.dolphinscheduler:dolphinscheduler-alert (>=1.2.0 <=2.0.0-alpha) +15 more potentially affected by CVE-2023-49620 via org.apache.dolphinscheduler:dolphinscheduler-common (>=1.2.0 <=3.0.6)
org.apache.dolphinscheduler:dolphinscheduler-common MAVEN version =1.2.0, =1.1.0, =1.2.0, =2.0.1, =1.2.0, =1.2.0, =2.0.0, =3.0.0, =3.0.0, =3.0.0, =2.0.2, =1.3.5, =1.2.0, =1.3.0, =1.3.6, =1.3.9, =3.0.6 and more Source cves: CVE-2023-49620 Source adv...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), org.apache.dolphinscheduler:dolphinscheduler-dist (>=2.0.0 <=2.0.9) +2 more potentially affected by CVE-2023-49068 via org.apache.dolphinscheduler:dolphinscheduler-api (>=1.3.9 <=3.0.6)
org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =1.3.9, =1.1.0, =2.0.0, =2.0.2, =1.3.9, =3.0.6 Source cves: CVE-2023-49068 Source advisory: OSV:GHSA-C6CG-73P3-973H...
org.apache.dolphinscheduler:dolphinscheduler-standalone-server (>=3.0.0 <=3.0.6) potentially affected by CVE-2023-25601 via org.apache.dolphinscheduler:dolphinscheduler-api (>=3.0.0 <=3.0.6)
org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =3.0.0, =3.0.0, =3.0.6 Source cves: CVE-2023-25601 Source advisory: OSV:GHSA-3JXW-CV35-2MMV...