Lucene search
ApacheVULNRICHMENT:CVE-2024-23320HistoryFeb 23, 2024 - 4:57 p.m.
CVE-2024-23320 Apache DolphinScheduler: Arbitrary js execution as root for authenticated users
2024-02-2316:57:09
CWE-20
apache
github.com
3
cve-2024-23320
apache dolphinscheduler
arbitrary js execution
input validation vulnerability
authenticated users
legacy
patch
version 3.2.1
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.
This issue is a legacy of CVE-2023-49299. We didn’t fix it completely in CVE-2023-49299, and we added one more patch to fix it.
This issue affects Apache DolphinScheduler: until 3.2.1.
Users are recommended to upgrade to version 3.2.1, which fixes the issue.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "dolphinscheduler",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "3.2.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-23320
2024-02-23 17:15:08
CVE-2023-49299
2023-12-30 17:15:07
github
github
cvelist
cvelist
osv
osv
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
2024-02-23 18:30:59
CVE-2023-49299
2023-12-30 17:15:07
prion
prion
Input validation
2024-02-23 17:15:00
Input validation
2023-12-30 17:15:00
cve
cve
CVE-2024-23320
2024-02-23 17:15:08
CVE-2023-49299
2023-12-30 17:15:07
veracode
veracode
Improper Input Validation
2024-01-02 05:51:58
Improper Input Validation
2024-03-03 18:43:44
vulnrichment
vulnrichment
AI Score
6.5
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-23320