CVE-2024-23320 Apache DolphinScheduler: Arbitrary js execution as root for authenticated users

Published: 2024-02-23 16:57:09
CWE-20
apache
www.cve.org
Tags: cve-2024-23320, arbitrary js execution, authenticated users, apache dolphinscheduler, improper input validation, root, legacy, patch, upgrade, version 3.2.1

AI Score: 8.7 (Confidence: High)

EPSS: 0.001 (Percentile: 49.7%)

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server.

This issue is a follow-up to CVE-2023-49299: the fix for CVE-2023-49299 was incomplete, and one more patch has been added to fix it fully.

This issue affects Apache DolphinScheduler versions before 3.2.1.

Users are recommended to upgrade to version 3.2.1, which fixes the issue.

CNA Affected

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.dolphinscheduler:dolphinscheduler-master",
    "product": "Apache DolphinScheduler",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.2.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]