Arbitrary JavaScript Execution Vulnerability Affects Apache DolphinScheduler
CVE-2024-29831

8.8HIGH

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 12 August 2024

Summary

An improper input validation vulnerability exists in Apache DolphinScheduler that allows authenticated users to execute arbitrary, unsandboxed JavaScript on the server. This can lead to severe security implications for affected systems. Users are advised to upgrade to version 3.2.2 or later, particularly if utilizing the switch task plugin, to ensure protection against potential exploits.

Affected Version(s)

Apache DolphinScheduler 0 <= 3.2.1

References

https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszh...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Mar 20, 2024

Credit

yerest

L0ne1y

My Long