CVE-2022-25598 is a vulnerability in Apache DolphinScheduler
Published on March 30, 2022
Apache DolphinScheduler user registration is vulnerable to ReDoS attacks
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
Weakness Type
What is a ReDoS Vulnerability?
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. Some regular expression engines have a feature called "backtracking". If the token cannot match, the engine "backtracks" to a position that may result in a different token that can match. Backtracking becomes a weakness if all of these conditions are met:
CVE-2022-25598 has been classified to as a ReDoS vulnerability or weakness.
Products Associated with CVE-2022-25598
Want to know whenever a new CVE is published for Apache DolphinScheduler? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache DolphinScheduler:- Version Apache DolphinScheduler and below 2.0.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.