3 matches found
Improper Certificate Validation
org.apache.dolphinscheduler:dolphinscheduler-common is vulnerable to Improper Certificate Validation. The vulnerability is due to a lack of certificate verification in the HttpUtils class. This allows an attacker to perform a Man-in-the-Middle (MITM) attack by impersonating the server...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), org.apache.dolphinscheduler:dolphinscheduler-alert (>=1.2.0 <=2.0.0-alpha) +15 more potentially affected by CVE-2023-49620 via org.apache.dolphinscheduler:dolphinscheduler-common (>=1.2.0 <=3.0.6)
org.apache.dolphinscheduler:dolphinscheduler-common MAVEN version =1.2.0, =1.1.0, =1.2.0, =2.0.1, =1.2.0, =1.2.0, =2.0.0, =3.0.0, =3.0.0, =3.0.0, =2.0.2, =1.3.5, =1.2.0, =1.3.0, =1.3.6, =1.3.9, =3.0.6 and more Source cves: CVE-2023-49620 Source adv...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), org.apache.dolphinscheduler:dolphinscheduler-alert (>=1.2.0 <=2.0.0-alpha) +10 more potentially affected by CVE-2022-26885 via org.apache.dolphinscheduler:dolphinscheduler-common (>=1.2.0 <=2.0.5)
org.apache.dolphinscheduler:dolphinscheduler-common MAVEN version =1.2.0, =1.1.0, =1.2.0, =2.0.1, =1.2.0, =1.2.0, =2.0.0, =2.0.2, =1.3.5, =1.2.0, =1.3.0, =1.3.6, =1.3.9, =2.0.5 Source cves: CVE-2022-26885 Source advisory: OSV:GHSA-JVC3-WJF6-7C6C...