Arbitrary JavaScript Execution Vulnerability Affects Apache DolphinScheduler
CVE-2024-29831

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 12 August 2024

Summary

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

Affected Version(s)

Apache DolphinScheduler 0 <= 3.2.1

References

https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszh...

vendor-advisory

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Mar 20, 2024

Credit

yerest

L0ne1y

My Long