cvelist · Apache · CVELIST:CVE-2023-49299
Dec 30, 2023 - 4:27 p.m.

CVE-2023-49299 Apache DolphinScheduler: Arbitrary js execute as root for authenticated users

2023-12-30 16:27:12
CWE-20
apache
www.cve.org

AI Score: 8.8 (Confidence: High)

EPSS: 0.001 (Percentile: 49.7%)

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue affects Apache DolphinScheduler versions before 3.1.9.

Users are recommended to upgrade to version 3.1.9, which fixes the issue.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache DolphinScheduler",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.1.9",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
