Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.
This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.
This issue affects Apache DolphinScheduler: until 3.2.1.
Users are recommended to upgrade to version 3.2.1, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-02-23T16:57:09.741Z
Updated: 2024-08-01T22:59:32.214Z
Reserved: 2024-01-15T10:49:33.393Z
Link: CVE-2024-23320
Vulnrichment
Updated: 2024-08-01T22:59:32.214Z
NVD
Status : Awaiting Analysis
Published: 2024-02-23T17:15:08.570
Modified: 2024-08-01T13:47:17.360
Link: CVE-2024-23320
Redhat
No data.