CVE-2021-27644

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-27644

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27644.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-27644

Aliases

GHSA-93g4-3phc-g4xw

Published

2021-11-01T10:15:11.307Z

Modified

2026-04-10T04:31:35.199664Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)

References

Affected packages

Git / github.com/apache/incubator-dolphinscheduler

Affected ranges

Type

GIT

Repo

https://github.com/apache/incubator-dolphinscheduler

Events

Introduced

Fixed

d21eb7b1809aa513ced920d5d08575502bde8911

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.6"
        }
    ]
}

Affected versions

1.*

1.1.0-preview

1.3.1

1.3.3

1.3.4

1.3.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27644.json"