CVE-2022-25598

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-25598
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25598.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-25598
Aliases
Published
2022-03-30T09:20:12Z
Modified
2026-06-26T03:54:28.703938757Z
Summary
Apache DolphinScheduler user registration is vulnerable to ReDoS attacks
Details

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/25xxx/CVE-2022-25598.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "Apache DolphinScheduler"
                },
                {
                    "fixed": "2.0.5"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-1333"
    ],
    "cna_assigner": "apache"
}
References

Affected packages

Git / github.com/apache/dolphinscheduler

Affected ranges

Type
GIT
Repo
https://github.com/apache/dolphinscheduler
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f31328276c12821c21d1ce07e824bc74146c19b2
Database specific 
{
    "cpe": "cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.5"
        }
    ]
}

Affected versions

1.*
1.1.0-preview
2.*
2.0.0
2.0.0-alpha
2.0.2
2.0.3
2.0.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25598.json"