Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xZzV4LTY2aHAtY3c1cM03XQ
Uncontrolled Resource Consumption in Apache DolphinScheduler
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
Permalink: https://github.com/advisories/GHSA-qg5x-66hp-cw5pJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZzV4LTY2aHAtY3c1cM03XQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 10 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-qg5x-66hp-cw5p, CVE-2022-25598
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25598
- https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml
- https://github.com/advisories/GHSA-qg5x-66hp-cw5p
Affected Packages
pypi:apache-dolphinscheduler
Dependent packages: 0Dependent repositories: 1
Downloads: 355 last month
Affected Version Ranges: < 2.0.5
Fixed in: 2.0.5
All affected versions: 0.1.0, 0.1.1
All unaffected versions: 2.0.5, 2.0.7, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4
maven:org.apache.dolphinscheduler:dolphinscheduler
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: < 2.0.5
Fixed in: 2.0.5
All affected versions: 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4
All unaffected versions: 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.2.0, 3.2.1