CVE-2021-27644

In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL injection in the data source center. (Only applicable to a MySQL data source with an internal login account password.)

Configurations

Configuration 1

cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:58

Type: References
Values Removed: http://www.openwall.com/lists/oss-security/2021/11/01/3 - Mailing List, Third Party Advisory
Values Added: http://www.openwall.com/lists/oss-security/2021/11/01/3 - Mailing List, Third Party Advisory

Type: References
Values Removed: https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E - Mailing List, Vendor Advisory
Values Added: https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E - Mailing List, Vendor Advisory

07 Nov 2023, 03:31

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6@%3Cdev.dolphinscheduler.apache.org%3E', 'name': '[dolphinscheduler-dev] 20211101 CVE-2021-27644: Apache DolphinScheduler: DolphinScheduler mysql jdbc connector parameters deserialize remote code execution', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}

Information

Published : 2021-11-01 10:15

Updated : 2024-11-21 05:58


NVD link : CVE-2021-27644

Mitre link : CVE-2021-27644

CVE.ORG link : CVE-2021-27644


Products Affected

apache

  • dolphinscheduler

CWE

CWE-264

Permissions, Privileges, and Access Controls

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')