Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache dolphinscheduler vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-11974
In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.
Apache Dolphinscheduler 1.2.1
Apache Dolphinscheduler 1.2.0
1 Github repository
534
VMScore
CVE-2021-27644
In Apache DolphinScheduler prior to 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
Apache Dolphinscheduler
445
VMScore
CVE-2022-25598
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
Apache Dolphinscheduler
356
VMScore
CVE-2020-13922
Versions of Apache DolphinScheduler before 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
Apache Dolphinscheduler 1.2.1
Apache Dolphinscheduler 1.2.0
Apache Dolphinscheduler 1.3.1
1 Github repository
NA
CVE-2024-23320
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more ...
NA
CVE-2023-50270
Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
NA
CVE-2023-51770
Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: prior to 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
1 Github repository
NA
CVE-2023-49109
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: prior to 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
NA
CVE-2023-49250
Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: prior to 3.2.0. Users are recommended to upgrade to ve...
NA
CVE-2023-49299
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fix...
Apache Dolphinscheduler
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »