GHSA-qg5x-66hp-cw5p

Source

https://github.com/advisories/GHSA-qg5x-66hp-cw5p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-qg5x-66hp-cw5p/GHSA-qg5x-66hp-cw5p.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-qg5x-66hp-cw5p

Aliases

Published

2022-03-31T00:00:23Z

Modified

2023-11-01T04:58:19.578512Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Uncontrolled Resource Consumption in Apache DolphinScheduler

Details

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

Database specific

{
    "github_reviewed_at": "2022-04-01T15:38:43Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-1333",
        "CWE-400"
    ],
    "nvd_published_at": "2022-03-30T10:15:00Z"
}

References

Affected packages

Maven / org.apache.dolphinscheduler:dolphinscheduler

Package

Name: org.apache.dolphinscheduler:dolphinscheduler; View open source insights on deps.dev
Purl: pkg:maven/org.apache.dolphinscheduler/dolphinscheduler

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.5

Affected versions

1.*

1.2.0

1.2.1

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

2.*

2.0.0-alpha

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

PyPI / apache-dolphinscheduler

Package

Name: apache-dolphinscheduler; View open source insights on deps.dev
Purl: pkg:pypi/apache-dolphinscheduler

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.5

Affected versions

0.*

0.1.0

0.1.1