Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tOXE0LXA1Nm0tbWM2cc4AA-g9
Apache DolphinScheduler: RCE by arbitrary js execution
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.
Permalink: https://github.com/advisories/GHSA-m9q4-p56m-mc6q
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tOXE0LXA1Nm0tbWM2cc4AA-g9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-m9q4-p56m-mc6q, CVE-2024-29831
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-29831
- https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0
- https://github.com/advisories/GHSA-m9q4-p56m-mc6q
Affected Packages
maven:org.apache.dolphinscheduler:dolphinscheduler
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 3.2.2
Fixed in: 3.2.2
All affected versions: 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.2.0, 3.2.1
All unaffected versions: