Apache: >> Dolphinscheduler >> 1.2.0 Security Vulnerabilities
When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher
CVSS Score
6.5
EPSS Score
0.001
Published
2022-11-01
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-10-28
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
CVSS Score
7.5
EPSS Score
0.013
Published
2022-03-30
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
CVSS Score
8.8
EPSS Score
0.039
Published
2021-11-01
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
CVSS Score
6.5
EPSS Score
0.008
Published
2021-01-11
In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.
CVSS Score
9.8
EPSS Score
0.113
Published
2020-12-18
Page 2