CVE-2022-25598

HIGH

Apache DolphinScheduler < 2.0.5 - Regular Expression Denial of Service in User Registration

Title source: llm

Description

Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

References (1)

Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93

Scores

CVSS v3 7.5
EPSS 0.0190
EPSS Percentile 77.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-1333
Status published
Products (3)
apache/dolphinscheduler < 2.0.5
org.apache.dolphinscheduler/dolphinscheduler 0 - 2.0.5 (Maven)
pypi/apache-dolphinscheduler 0 - 2.0.5 (PyPI)
Published Mar 30, 2022
Tracked Since Feb 18, 2026