oss-sec mailing list archives

CVE-2024-29831: Apache DolphinScheduler: RCE by arbitrary js execution


From: ShunFeng Cai <caishunfeng () apache org>
Date: Fri, 09 Aug 2024 12:37:56 +0000

Severity: moderate

Affected versions:

- Apache DolphinScheduler through 3.2.1

Description:

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary,
unsandboxed JavaScript to be executed on the server. If you are using the switch task plugin, please upgrade to version
3.2.2.

Credit:

yerest (reporter)
L0ne1y (reporter)
My Long (reporter)

References:

https://dolphinscheduler.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-29831

