漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication
Vulnerability Description
On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Apache DolphinScheduler 授权问题漏洞
Vulnerability Description
Apache DolphinScheduler是美国阿帕奇(Apache)基金会的一个分布式的基于DAG可视化的工作流任务调度系统。 Apache DolphinScheduler 3.0.0至3.1.1版本存在授权问题漏洞,该漏洞源于存在不正确的身份验证,攻击者利用该漏洞可以在没有身份验证的情况下使用套接字字节攻击。
CVSS Information
N/A
Vulnerability Type
N/A