Description
In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL injection in the data source center. (Only applicable to a MySQL data source with an internal login account password.)
Remediation
References
https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/11/01/3
Related Vulnerabilities
CVE-2023-34459 Vulnerability in npm package @openzeppelin/contracts
CVE-2020-17534 Vulnerability in maven package org.netbeans.html:webkit
CVE-2014-4611 Vulnerability in maven package net.jpountz.lz4:lz4
CVE-2022-36896 Vulnerability in maven package com.compuware.jenkins:compuware-scm-downloader
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core