CVE-2021-27644 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-server

Description

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)

Remediation

References

http://www.openwall.com/lists/oss-security/2021/11/01/3

https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E

Related Vulnerabilities

CVE-2019-10459 Vulnerability in maven package org.jenkins-ci.plugins:mattermost

CVE-2021-41183 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui

CVE-2019-0219 Vulnerability in npm package cordova-plugin-inappbrowser

CVE-2021-25642 Vulnerability in maven package org.apache.hadoop:hadoop-yarn-server-resourcemanager

CVE-2019-19771 Vulnerability in npm package bitcoin-osp

Severity

Critical

Classification

CWE-89 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H