CVE-2021-27644

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-27644

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27644.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-27644

Aliases

GHSA-93g4-3phc-g4xw

Published

2021-11-01T10:15:11Z

Modified

2024-09-02T22:12:07Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)

References

https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/11/01/3

Affected packages

Git / github.com/apache/incubator-dolphinscheduler

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-dolphinscheduler
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d21eb7b1809aa513ced920d5d08575502bde8911