[MAVEN:GHSA-M9Q4-P56M-MC6Q] Apache DolphinScheduler: RCE by arbitrary js execution
Severity
High
Affected Packages
1
Fixed Packages
1
CVEs
1
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.
| Package | Affected Version |
|---|---|
 pkg:maven/org.apache.dolphinscheduler/dolphinscheduler
|
< 3.2.2 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.apache.dolphinscheduler/dolphinscheduler
|
= 3.2.2 |
- ID
- MAVEN:GHSA-M9Q4-P56M-MC6Q
- Severity
- high
- URL
- https://github.com/advisories/GHSA-m9q4-p56m-mc6q
- Published
-
2024-08-12T15:30:49
(5 weeks ago) - Modified
-
2024-08-12T19:21:36
(5 weeks ago) - Rights
- Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.apache.dolphinscheduler/dolphinscheduler | org.apache.dolphinscheduler |
dolphinscheduler
|
< 3.2.2 | |||
| Fixed | pkg:maven/org.apache.dolphinscheduler/dolphinscheduler | org.apache.dolphinscheduler |
dolphinscheduler
|
= 3.2.2 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |