Lucene search
Veracode Vulnerability DatabaseVERACODE:32789HistoryNov 02, 2021 - 9:05 a.m.
SQL Injection
2021-11-0209:05:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
dolphinscheduler
sql injection
input sanitization
data source center
arbitrary sql queries
vulnerability
authorized malicious users
execute
EPSS
0.003
Percentile
71.0%
dolphinScheduleris is vulnerable to SQL injection. The vulnerability exists due to lack of sanitization of user input in data source center, allowing authorized malicious users to inject and execute arbitrary SQL Queries.
References
www.openwall.com/lists/oss-security/2021/11/01/3
github.com/apache/dolphinscheduler/commit/f398ab1500396f9da540f8ca060c3f39dcf797fb
lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E
lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6@%3Cdev.dolphinscheduler.apache.org%3E
Related
nvd
nvd
CVE-2021-27644
2021-11-01 10:15:11
cve
cve
CVE-2021-27644
2021-11-01 10:15:11
github
github
SQL injection in Apache DolphinScheduler
2021-11-03 17:30:18
cvelist
cvelist
prion
prion
Sql injection
2021-11-01 10:15:00
osv
osv
CVE-2021-27644
2021-11-01 10:15:11
SQL injection in Apache DolphinScheduler
2021-11-03 17:30:18