CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:31

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6@%3Cdev.dolphinscheduler.apache.org%3E', 'name': '[dolphinscheduler-dev] 20211101 CVE-2021-27644: Apache DolphinScheduler: DolphinScheduler mysql jdbc connector parameters deserialize remote code execution', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}

Information

Published : 2021-11-01 10:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-27644

Mitre link : CVE-2021-27644

CVE.ORG link : CVE-2021-27644


JSON object : View

Products Affected

apache

  • dolphinscheduler
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-264

Permissions, Privileges, and Access Controls