Apache Dolphinscheduler vulnerabilities

CVE-2022-25598 [HIGH] CWE-1333 CVE-2022-25598: Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

CVE-2021-27644 [HIGH] CWE-264 CVE-2021-27644: In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)

CVE-2020-13922 [MEDIUM] CWE-264 CVE-2020-13922: Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to over Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

CVE-2020-11974 [CRITICAL] CVE-2020-11974: In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exi In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.