Lucene search

[email protected]NVD:CVE-2023-49299

HistoryDec 30, 2023 - 5:15 p.m.

CVE-2023-49299

2023-12-3017:15:07

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-49299

apache dolphinscheduler

input validation

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.7%

JSON

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.

Users are recommended to upgrade to version 3.1.9, which fixes the issue.

Affected configurations

Nvd

Node

apachedolphinschedulerRange<3.1.9

References

www.openwall.com/lists/oss-security/2024/02/23/3

github.com/apache/dolphinscheduler/pull/15228

lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.7%

JSON

Related for NVD:CVE-2023-49299

osv3 veracode1 cvelist2 github2 vulnrichment2 prion2 cve2 nvd1