CVE-2024-23320: Apache DolphinScheduler: Arbitrary js execution as root for authenticated users

CVE-2024-23320: Apache DolphinScheduler: Arbitrary js execution as root for authenticated users

Open Source Security [[{„value“:“

Posted by Jiajie Zhong on Feb 23

Severity: important

Affected versions:

– Apache DolphinScheduler before 3.2.1

Description:

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary,
unsandboxed javascript to be executed on the server.

This issue is a legacy of CVE-2023-49299. We didn’t fix it completely in CVE-2023-49299, and we added one more patch to
fix it.

This issue affects Apache DolphinScheduler: until…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert