PT-2021-5482 · Apache · Apache Dolphinscheduler
Jinchen Sheng · Published 2021-01-11 · Updated 2021-11-03 · CVE-2021-27644
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apache DolphinScheduler versions prior to 1.3.6
Description
The issue is related to errors in privilege management, allowing remote attackers to execute arbitrary SQL queries. Specifically, authorized users can use SQL injection in the data source center when using a MySQL data source with an internal login account password.
Recommendations
For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the data source center for MySQL data sources with internal login account passwords until the update is applied.
Fix
SQL injection
Related Identifiers
Affected Products
Apache Dolphinscheduler