CVE-2022-25598

EUVD-2022-0021
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
apachedolphinscheduler
𝑥
< 2.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93
https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93