org.apache.dolphinscheduler:dolphinscheduler-api@1.3.2 vulnerabilities
- latest version: 3.2.1
- latest non vulnerable version
- first published: 5 years ago
- latest version published: 6 months ago
- licenses detected: [1.2.0,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.dolphinscheduler:dolphinscheduler-api package. This does not include vulnerabilities belonging to this package’s dependencies.

| Vulnerability | Vulnerable Version |
|---|---|
| Affected versions of this package are vulnerable to Session Fixation. An attacker can hijack a user session by exploiting the fact that a session remains valid even after the user's password has been changed. How to fix Session Fixation? Upgrade | [,3.2.1) |
| Affected versions of this package are vulnerable to Information Exposure. An attacker can gain unauthorized access to sensitive data by exploiting this vulnerability. How to fix Information Exposure? Upgrade | [,3.2.1) |
| Affected versions of this package are vulnerable to Directory Traversal due to improper resource validation. Exploiting this vulnerability allows users to add resources to the resource center with a relation path, which will impact only logged-in users. How to fix Directory Traversal? Upgrade | [,2.6.0) [3.0.0-alpha,3.0.0) |
| Affected versions of this package are vulnerable to Improper Authentication due to insufficient checks in How to fix Improper Authentication? Upgrade | [,3.1.0) |