CVE-2024-29831

CVE-2024-29831: Apache DolphinScheduler: RCE by arbitrary js execution

Vendor Apache Software Foundation

Product Apache DolphinScheduler

Weakness CWE-20 · Input validation

Published August 9, 2024

Last update August 12, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

Key dates

Disclosure timeline

August 9, 2024 CVE published

August 12, 2024 Record updated