Apache DolphinScheduler user registration is vulnerable to ReDoS attacks
CVE-2022-25598

7.5 HIGH

Key Information:

Vendor
Apache
CVE Published:
30 March 2022

Summary

Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

Affected Version(s)

Apache DolphinScheduler < 2.0.5

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Zheng Wang of HIT.