dolphinScheduleris is vulnerable to SQL injection. The vulnerability exists due to lack of sanitization of user input in data source center, allowing authorized malicious users to inject and execute arbitrary SQL Queries.
www.openwall.com/lists/oss-security/2021/11/01/3
github.com/apache/dolphinscheduler/commit/f398ab1500396f9da540f8ca060c3f39dcf797fb
lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E
lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6@%3Cdev.dolphinscheduler.apache.org%3E