Zhenxu Ke

#18061 of 53,633
15 Total CVSS
Vulnerabilities · 2
High
2
PT-2023-30962
7.5
2023-11-24
Apache · Apache Dolphinscheduler · CVE-2023-48796
**Name of the Vulnerable Software and Affected Versions**

Apache DolphinScheduler versions 3.0.0 through 3.0.1

**Description**

The issue concerns the exposure of sensitive information to unauthorized actors, potentially including database credentials. This exposure can occur in Apache DolphinScheduler, affecting the confidentiality of sensitive data.

**Recommendations**

To resolve the issue, users are recommended to upgrade to version 3.0.2, which fixes the problem. For users who cannot upgrade to the fixed version, a temporary workaround is to set the environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus`. Alternatively, users can add the following section to the `application.yaml` file:

```
management:
  endpoints:
    web:
      exposure:
        include: health,metrics,prometheus
```
PT-2022-23214
7.5
2022-07-18
Apache · Apache Skywalking Nodejs Agent · CVE-2022-36127
**Name of the Vulnerable Software and Affected Versions**

Apache SkyWalking NodeJS Agent versions prior to 0.5.1

**Description**

The issue causes NodeJS services with the Apache SkyWalking NodeJS Agent installed to become unavailable when the OAP is unhealthy and the NodeJS agent cannot establish a connection.

**Recommendations**

For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue.