GHSA-m9q4-p56m-mc6q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m9q4-p56m-mc6q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-m9q4-p56m-mc6q/GHSA-m9q4-p56m-mc6q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m9q4-p56m-mc6q
- Aliases
-
- CVE-2024-29831
- Published
- 2024-08-12T15:30:49Z
- Modified
- 2024-08-12T19:42:03.309155Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Apache DolphinScheduler: RCE by arbitrary js execution
- Details
-
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.
- Database specific
{ "nvd_published_at": "2024-08-12T13:38:18Z", "cwe_ids": [ "CWE-20" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-08-12T19:21:35Z" }- References
Affected packages
Maven / org.apache.dolphinscheduler:dolphinscheduler
Package
- Name
- org.apache.dolphinscheduler:dolphinscheduler
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.dolphinscheduler/dolphinscheduler
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.2
Affected versions
1.*
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
2.*
2.0.0-alpha
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
3.*
3.0.0-alpha
3.0.0-beta-1
3.0.0-beta-2
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.2.0
3.2.1