Description
In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data sources with an internal login account password.)
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/01/3
https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E