Total: 24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25598 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. | |||||
CVE-2021-27644 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data sources with an internal login account password.) | |||||
CVE-2020-13922 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface. | |||||
CVE-2020-11974 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In DolphinScheduler 1.2.0 and 1.2.1, with MySQL Connector/J, a remote code execution vulnerability exists when MySQL is chosen as the database. | |||||