Description
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
Remediation
References
https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93
Related Vulnerabilities
CVE-2020-2135 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2020-6458 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-26048 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2023-35160 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2023-30525 Vulnerability in maven package org.jenkins-ci.plugins:reportportal