PYSEC-2022-176

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2022-176

Aliases

CVE-2022-25598
GHSA-qg5x-66hp-cw5p

Published

2022-03-30T10:15:00Z

Modified

2023-11-01T04:58:19.578512Z

Summary

[none]

Details

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

References

https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93
https://github.com/advisories/GHSA-qg5x-66hp-cw5p

Affected packages

PyPI / apache-dolphinscheduler

Package

Name: apache-dolphinscheduler; View open source insights on deps.dev
Purl: pkg:pypi/apache-dolphinscheduler

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.5

Affected versions

0.*

0.1.0

0.1.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml"