Vulnerability Description
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Dolphinscheduler | < 3.1.9 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/02/23/3
- https://github.com/apache/dolphinscheduler/pull/15228PatchVendor Advisory
- https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokmMailing ListVendor Advisory
- http://www.openwall.com/lists/oss-security/2024/02/23/3
- https://github.com/apache/dolphinscheduler/pull/15228PatchVendor Advisory
- https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokmMailing ListVendor Advisory
FAQ
What is CVE-2023-49299?
CVE-2023-49299 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinSche...
How severe is CVE-2023-49299?
CVE-2023-49299 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49299?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Dolphinscheduler.