← volver
CVE-2021-27644

DolphinScheduler mysql jdbc connector parameters deserialize remote code execution

EPSS 1.9%CWE-264
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
Productos afectados
Apache Software Foundation · Apache DolphinScheduler

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3Ehttp://www.openwall.com/lists/oss-security/2021/11/01/3