Base Score

HIGH7.5

CVE-2022-25598

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

VectorNETWORK

Published Bysecurity@apache.org

Published DateMar 30, 2022, 10:15

Affected Versions(2)

org.apache.dolphinscheduler:dolphinscheduler(Maven)

Introduced0

Fixed2.0.5

LimitN/A

apache-dolphinscheduler(PyPI)

Introduced0

Fixed2.0.5

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.dolphinscheduler:dolphinscheduler(Maven)	0	2.0.5	N/A
apache-dolphinscheduler(PyPI)	0	2.0.5	N/A

Weakness Type (CWE):CWE-1333

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93

Base Score

HIGH7.5

Weakness Type (CWE):CWE-1333

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH