CVE-2022-25598

CWE-1333 CWE-400 — Uncontrolled Resource Consumption5 documents4 sources

Severity

7.5HIGH

EPSS

1.1%

top 21.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Dolphinscheduler Apache Dolphinscheduler

Timeline

PublishedMar 30

Latest updateMar 31

Description

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDapache/dolphinscheduler< 2.0.5

▶PyPIapache-dolphinscheduler< 2.0.5

▶Mavenorg.apache.dolphinscheduler:dolphinscheduler< 2.0.5

▶CVEListV5apache_software_foundation/apache_dolphinschedulerApache DolphinScheduler — 2.0.5

🔴Vulnerability Details

OSV

Uncontrolled Resource Consumption in Apache DolphinScheduler↗2022-03-31

▶

GHSA

Uncontrolled Resource Consumption in Apache DolphinScheduler↗2022-03-31

▶

CVEList

Apache DolphinScheduler user registration is vulnerable to ReDoS attacks↗2022-03-30

▶

OSV

CVE-2022-25598: Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upg↗2022-03-30

▶