Arbitrary JavaScript Execution Vulnerability Affects Apache DolphinScheduler

CVE-2024-29831

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 12 August 2024

Summary

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

Affected Version(s)

Apache DolphinScheduler <= 3.2.1

References

https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszh...

vendor-advisory

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Mar 20, 2024

Collectors

NVD DatabaseMitre Database

Credit

yerest

L0ne1y

My Long