{"id":"PYSEC-2022-176","details":"Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.","aliases":["CVE-2022-25598","GHSA-qg5x-66hp-cw5p"],"modified":"2023-11-08T04:08:47.349772Z","published":"2022-03-30T10:15:00Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-qg5x-66hp-cw5p"}],"affected":[{"package":{"name":"apache-dolphinscheduler","ecosystem":"PyPI","purl":"pkg:pypi/apache-dolphinscheduler"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.5"}]}],"versions":["0.1.0","0.1.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/apache-dolphinscheduler/PYSEC-2022-176.yaml"}}],"schema_version":"1.7.3"}