Arbitrary JavaScript Execution Vulnerability Affects Apache DolphinScheduler

CVE-2024-29831

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 12 August 2024

Summary

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

Affected Version(s)

Apache DolphinScheduler <= 3.2.1

Timeline

Vulnerability published.
Aug 12, 2024
Vulnerability Reserved.
Mar 20, 2024

Collectors

NVD DatabaseMitre Database

Credit

yerest

L0ne1y

My Long