CVE-2022-25598

HIGH

Apache Dolphinscheduler < 2.0.5 - Denial of Service

Title source: rule

Description

Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

Scores

CVSS v3 7.5
EPSS 0.0113
EPSS Percentile 78.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-1333
Status published
Products (3)
apache/dolphinscheduler < 2.0.5
org.apache.dolphinscheduler/dolphinscheduler 0 - 2.0.5 (Maven)
pypi/apache-dolphinscheduler 0 - 2.0.5 (PyPI)
Published Mar 30, 2022
Tracked Since Feb 18, 2026