CVE-2021-27644

Summary

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache DolphinSchedulerApache DolphinScheduler < 1.3.6affected

Weaknesses

  • CWE-264: CWE-264 Permissions, Privileges, and Access Controls

ADP Enrichment

CVE Program Container

Additional References

References