Vulnerability Description
In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data sources with an internal login account password.)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Dolphinscheduler | < 1.3.6 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/11/01/3 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd (Mailing List, Vendor Advisory)
FAQ
What is CVE-2021-27644?
CVE-2021-27644 is a vulnerability with a CVSS score of 8.8 (HIGH). In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data sources with an internal login account password.)
How severe is CVE-2021-27644?
CVE-2021-27644 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-27644?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Dolphinscheduler.