CVE-2021-27644 – org.apache.dolphinscheduler:dolphinscheduler-server
Package
Manager: maven
Name: org.apache.dolphinscheduler:dolphinscheduler-server
Vulnerable Version: >=0 <1.3.6
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0394 (percentile: 0.87886)
Details
SQL injection in Apache DolphinScheduler
In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL injection in the data source center. (Only applicable to a MySQL data source with internal login account password.)
Metadata
Created: 2021-11-03T17:30:18Z
Modified: 2021-11-03T14:48:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-93g4-3phc-g4xw/GHSA-93g4-3phc-g4xw.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-93g4-3phc-g4xw
Finding: F297
Auto approve: 1