CVE-2024-29831 – org.apache.dolphinscheduler:dolphinscheduler
Package
Manager: maven
Name: org.apache.dolphinscheduler:dolphinscheduler
Vulnerable Version: >=0 <3.2.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00287 (percentile 0.51793)
Details
Apache DolphinScheduler: RCE by arbitrary JS execution
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.
Metadata
Created: 2024-08-12T15:30:49Z
Modified: 2025-03-19T15:33:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-m9q4-p56m-mc6q/GHSA-m9q4-p56m-mc6q.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-m9q4-p56m-mc6q
Finding: F184
Auto approve: 1