Description
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
Affected products
- Apache Software Foundation / Apache DolphinSchedulerApache DolphinScheduler – 1.3.6
References
- MAILING_LISThttps://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E
- MAILING_LISThttps://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2021/11/01/3