← back
CVE-2021-27644

DolphinScheduler mysql jdbc connector parameters deserialize remote code execution

EPSS 1.9%CWE-264
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
Affected products
Apache Software Foundation · Apache DolphinScheduler

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3Ehttp://www.openwall.com/lists/oss-security/2021/11/01/3