Description
In Apache DolphinScheduler versions before 1.3.6, authorized users can perform SQL injection in the data source center. (Only applicable to MySQL data sources with internal login account password.)
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/01/3
https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E
Related Vulnerabilities
CVE-2019-16777 Vulnerability in maven package org.webjars.npm:bin-links
CVE-2023-26127 Vulnerability in npm package n158
CVE-2023-34615 Vulnerability in maven package net.pwall.json:jsonutil
CVE-2019-10801 Vulnerability in npm package enpeem
CVE-2020-11023 Vulnerability in maven package org.webjars:jquery