CVE-2022-45462
- EPSS 21.26%
- Published 23.11.2022 09:15:09
- Last modified 25.04.2025 19:15:47
Alarm instance management is vulnerable to command injection when a specific command is configured. It affects logged-in users only. We recommend you upgrade to version 2.0.6 or higher.
CVE-2022-34662
- EPSS 1.05%
- Published 01.11.2022 16:15:13
- Last modified 06.05.2025 04:16:07
When users add resources to the resource center with a relative path, this causes path traversal issues. It affects logged-in users only. You can upgrade to version 3.0.0 or higher.
CVE-2022-26884
- EPSS 1.61%
- Published 28.10.2022 08:15:08
- Last modified 07.05.2025 16:15:19
Users can read any file through the log server. Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
CVE-2022-25598
- EPSS 1.13%
- Published 30.03.2022 10:15:08
- Last modified 21.11.2024 06:52:24
Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
CVE-2021-27644
- EPSS 1.16%
- Published 01.11.2021 10:15:11
- Last modified 21.11.2024 05:58:21
In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password.)
CVE-2020-13922
- EPSS 0.83%
- Published 11.01.2021 10:15:13
- Last modified 21.11.2024 05:02:09
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.
CVE-2020-11974
- EPSS 11.35%
- Published 18.12.2020 21:15:12
- Last modified 21.11.2024 04:59:01
In DolphinScheduler 1.2.0 and 1.2.1, a remote code execution vulnerability exists with MySQL Connector/J when MySQL is chosen as the database.