9 matches found
EUVD-2024-0715
Malicious code in bioql PyPI...
GHSA-RC6H-QWJ9-2C53 Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...
CVE-2024-23320
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...
Input validation
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...
org.apache.dolphinscheduler:dolphinscheduler-standalone-server (>=3.0.0 <=3.0.6) potentially affected by CVE-2023-49299 via org.apache.dolphinscheduler:dolphinscheduler-master (>=3.0.0-alpha <=3.0.6)
org.apache.dolphinscheduler:dolphinscheduler-master MAVEN version =3.0.0-alpha, =3.0.0, =3.0.6 Source cves: CVE-2023-49299 Source advisory: OSV:GHSA-V7HG-77V9-2445...
CVE-2023-49299
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue...
CVE-2023-49299 Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue...
CVE-2023-49299
CVE-2023-49299 (Apache DolphinScheduler) : An authenticated user can trigger server-side, unsandboxed JavaScript execution due to improper input validation. The issue affects DolphinScheduler prior to fixed versions and is treated as a legacy/continued vulnerability in later advisories. A fix is ...
CVE-2023-49299 Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue...