Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xZzV4LTY2aHAtY3c1cM03XQ
Uncontrolled Resource Consumption in Apache DolphinScheduler
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
Permalink: https://github.com/advisories/GHSA-qg5x-66hp-cw5pJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZzV4LTY2aHAtY3c1cM03XQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 3 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-qg5x-66hp-cw5p, CVE-2022-25598
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25598
- https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml
- https://github.com/advisories/GHSA-qg5x-66hp-cw5p
Affected Packages
pypi:apache-dolphinscheduler
Versions: < 2.0.5Fixed in: 2.0.5
maven:org.apache.dolphinscheduler:dolphinscheduler
Versions: < 2.0.5Fixed in: 2.0.5