org.apache.dolphinscheduler:dolphinscheduler-api@1.3.0 vulnerabilities
latest version
3.2.1
latest non vulnerable version
first published
4 years ago
latest version published
10 months ago
licenses detected
- [1.2.0,)
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.dolphinscheduler:dolphinscheduler-api package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Session Fixation. An attacker can hijack a user session by exploiting the fact that a session remains valid even after the user's password has been changed. How to fix Session Fixation? Upgrade | [,3.2.1) |
Affected versions of this package are vulnerable to Information Exposure. An attacker can gain unauthorized access to sensitive data by exploiting this vulnerability. How to fix Information Exposure? Upgrade | [,3.2.1) |
Affected versions of this package are vulnerable to Directory Traversal due to improper resource validation. Exploiting this vulnerability allows users to add resources to the resource center with a relation path, which will impact only logged-in users. How to fix Directory Traversal? Upgrade | [,2.6.0)[3.0.0-alpha,3.0.0) |
Affected versions of this package are vulnerable to Improper Authentication due to insufficient checks in How to fix Improper Authentication? Upgrade | [,3.1.0) |
Affected versions of this package are vulnerable to Incorrect Default Permissions via the api interface. An ordinary user under any tenant could override another user's password. How to fix Incorrect Default Permissions? Upgrade | [,1.3.2) |