PT-2022-17391 · Apache · Apache Dolphinscheduler

Zheng Wang · Published 2022-03-30 · Updated 2023-07-12 · CVE-2022-25598

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions prior to 2.0.5

Description: The issue is related to a Regular Expression Denial of Service (ReDoS) attack in the user registration of Apache DolphinScheduler.

Recommendations: For versions prior to 2.0.5, upgrade to version 2.0.5 or higher.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2022-25598
GHSA-QG5X-66HP-CW5P
PYSEC-2022-176

Affected Products

Apache Dolphinscheduler