org.apache.dolphinscheduler:dolphinscheduler-api@2.0.0
latest version
3.4.2
latest non vulnerable version
first published
6 years ago
latest version published
27 days ago
licenses detected
- [1.2.0,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the org.apache.dolphinscheduler:dolphinscheduler-api package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Incorrect Authorization due to missing permission checks in the How to fix Incorrect Authorization? Upgrade | [,3.4.2) |
Affected versions of this package are vulnerable to Incorrect Authorization in the delete task definitions module. An attacker can remove task definitions from projects they are not authorized to access by leveraging system login privileges. How to fix Incorrect Authorization? Upgrade | [,3.4.2) |
Affected versions of this package are vulnerable to Incorrect Authorization due to missing authorization checks in the How to fix Incorrect Authorization? Upgrade | [,3.4.2) |
Affected versions of this package are vulnerable to Incorrect Authorization via the view workflow endpoints. An attacker can gain unauthorized access to workflow instance information belonging to projects they do not have permission to access by sending crafted requests. How to fix Incorrect Authorization? Upgrade | [,3.4.2) |
Affected versions of this package are vulnerable to Incorrect Authorization in the alert instances. An attacker can gain unauthorized access to sensitive alert information by exploiting insufficient authorization checks. How to fix Incorrect Authorization? Upgrade | [,3.4.2) |
Affected versions of this package are vulnerable to Incorrect Authorization during workflow execution. An attacker can gain unauthorized access to resources by leveraging tenants that are not defined on the platform. How to fix Incorrect Authorization? Upgrade | [,3.4.1) |
Affected versions of this package are vulnerable to Session Fixation. An attacker can hijack a user session by exploiting the fact that a session remains valid even after the user's password has been changed. How to fix Session Fixation? Upgrade | [,3.2.1) |
Affected versions of this package are vulnerable to Missing Authorization allowing an authenticated user to delete UDFs in the resource center without proper permissions. How to fix Missing Authorization? Upgrade | [2.0.0,3.1.0) |
Affected versions of this package are vulnerable to Information Exposure. An attacker can gain unauthorized access to sensitive data by exploiting this vulnerability. How to fix Information Exposure? Upgrade | [,3.2.1) |
Affected versions of this package are vulnerable to Directory Traversal due to improper resource validation. Exploiting this vulnerability allows users to add resources to the resource center with a relation path, which will impact only logged-in users. How to fix Directory Traversal? Upgrade | [,2.6.0)[3.0.0-alpha,3.0.0) |
Affected versions of this package are vulnerable to Improper Authentication due to insufficient checks in How to fix Improper Authentication? Upgrade | [,3.1.0) |