QwikSec

Security Database

CVE

CWE

Training

CVE-2023-49299

Published: Dec 30, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache DolphinScheduler	affected `0 - < 3.1.9`

Weaknesses (CWE)

References

https://github.com/apache/dolphinscheduler/pull/15228

patch

https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/02/23/3

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.