Описание
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.
Users are recommended to upgrade to version 3.1.9, which fixes the issue.
Ссылки
- PatchVendor Advisory
- Mailing ListVendor Advisory
- PatchVendor Advisory
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.9 (исключая)
cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00988
Низкий
8.8 High
CVSS3
Дефекты
CWE-20
CWE-20
Связанные уязвимости
CVSS3: 8.8
github
около 2 лет назад
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
EPSS
Процентиль: 76%
0.00988
Низкий
8.8 High
CVSS3
Дефекты
CWE-20
CWE-20