CVE-2022-25598 – org.apache.dolphinscheduler:dolphinscheduler
Package
Manager: maven
Name: org.apache.dolphinscheduler:dolphinscheduler
Vulnerable Version: >=0 <2.0.5
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01305 (percentile: 0.78992)
Details
Uncontrolled Resource Consumption in Apache DolphinScheduler
Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
Metadata
Created: 2022-03-31T00:00:23Z
Modified: 2022-04-05T18:52:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-qg5x-66hp-cw5p/GHSA-qg5x-66hp-cw5p.json
CWE IDs: ["CWE-1333", "CWE-400"]
Alternative ID: GHSA-qg5x-66hp-cw5p
Finding: F211
Auto approve: 1