CVE-2022-25598

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
apacheCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
apachedolphinscheduler
𝑥
< 2.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93
https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93