Lucene search
ApacheCVELIST:CVE-2024-29831HistoryAug 09, 2024 - 2:21 p.m.
CVE-2024-29831 Apache DolphinScheduler: RCE by arbitrary js execution
2024-08-0914:21:48
CWE-20
apache
www.cve.org
11
apache dolphinscheduler
input validation
rce
arbitrary execution
authentication
upgrade
EPSS
0
Percentile
9.5%
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache DolphinScheduler",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2024-29831
2024-08-12 13:38:18
github
github
Apache DolphinScheduler: RCE by arbitrary js execution
2024-08-12 15:30:49
nvd
nvd
CVE-2024-29831
2024-08-12 13:38:18
osv
osv
Apache DolphinScheduler: RCE by arbitrary js execution
2024-08-12 15:30:49
vulnrichment
vulnrichment
CVE-2024-29831 Apache DolphinScheduler: RCE by arbitrary js execution
2024-08-09 14:21:48