CVE-2022-25598: Uncontrolled Resource Consumption

March 31, 2022 (updated May 22, 2022)

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

References

github.com/advisories/GHSA-qg5x-66hp-cw5p
github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml
lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93
nvd.nist.gov/vuln/detail/CVE-2022-25598

Code Behaviors & Features

Detect and mitigate CVE-2022-25598 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →