Vulnerabilities > CVE-2023-49299 - Unspecified vulnerability in Apache Dolphinscheduler
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue.
Vulnerable Configurations
References
- http://www.openwall.com/lists/oss-security/2024/02/23/3
- http://www.openwall.com/lists/oss-security/2024/02/23/3
- https://github.com/apache/dolphinscheduler/pull/15228
- https://github.com/apache/dolphinscheduler/pull/15228
- https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
- https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm