Vulnerabilities > Apache > Dolphinscheduler > 1.3.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-30 | CVE-2023-49299 | Improper Input Validation vulnerability in Apache Dolphinscheduler Improper Input Validation vulnerability in Apache DolphinScheduler. | 8.8 |
| 2023-11-30 | CVE-2023-49620 | Missing Authorization vulnerability in Apache Dolphinscheduler Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. | 6.5 |
| 2023-11-27 | CVE-2023-49068 | Unspecified vulnerability in Apache Dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | 7.5 |
| 2023-01-04 | CVE-2022-45875 | Improper Input Validation vulnerability in Apache Dolphinscheduler Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. | 9.8 |
| 2022-11-24 | CVE-2022-26885 | Unspecified vulnerability in Apache Dolphinscheduler When using tasks to read config files, there is a risk of database password disclosure. | 7.5 |
| 2022-11-23 | CVE-2022-45462 | Command Injection vulnerability in Apache Dolphinscheduler Alarm instance management has command injection when there is a specific command configured. | 9.8 |
| 2022-11-01 | CVE-2022-34662 | Path Traversal vulnerability in Apache Dolphinscheduler When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. | 6.5 |
| 2022-10-28 | CVE-2022-26884 | Path Traversal vulnerability in Apache Dolphinscheduler Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. | 6.5 |
| 2022-03-30 | CVE-2022-25598 | Unspecified vulnerability in Apache Dolphinscheduler Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. | 7.5 |
| 2021-11-01 | CVE-2021-27644 | SQL Injection vulnerability in Apache Dolphinscheduler In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. | 8.8 |