← voltar
CVE-2021-27644

DolphinScheduler mysql jdbc connector parameters deserialize remote code execution

EPSS 1.9%CWE-264
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
Produtos afetados
Apache Software Foundation · Apache DolphinScheduler

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3Ehttp://www.openwall.com/lists/oss-security/2021/11/01/3