GHSA-85g9-8j9g-p486CriticalCVSS 9.1
Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
🔗 CVE IDs covered (1)
📋 Description
Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
🎯 Affected products1
- maven/org.apache.dolphinscheduler:dolphinscheduler-api:< 3.4.2