In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
Credits
This issue was discovered by Jinchen Sheng of Ant FG Security Lab
