Veracode Vulnerability DatabaseVERACODE:45730Improper Input Validation
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.5%
Apache DolphinScheduler is vulnerable to Improper Input Validation. The vulnerability is due to a missing input validation in method generateContentWithTaskParams for the parameter condition. An authenticated user can execute arbitrary, unsandboxed JavaScript on the server by submitting crafted input.
References
www.openwall.com/lists/oss-security/2024/02/23/3
github.com/advisories/GHSA-rc6h-qwj9-2c53
github.com/apache/dolphinscheduler/commit/ca93aa8e260b4e227c054d42aca20b272574e851
github.com/apache/dolphinscheduler/pull/15487
lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq
lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp
lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.5%