First published: Fri Feb 23 2024
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.apache.dolphinscheduler:dolphinscheduler-master | <3.2.1 | 3.2.1 |
Apache DolphinScheduler | <3.2.1 | |
CVE-2024-23320 is classified as a high-severity vulnerability due to its potential for executing arbitrary, unsandboxed JavaScript on the server.
To mitigate CVE-2024-23320, users should upgrade to version 3.2.1 of Apache DolphinScheduler.
Authenticated users of Apache DolphinScheduler versions prior to 3.2.1 are affected by CVE-2024-23320.
CVE-2024-23320 is an Improper Input Validation vulnerability.
CVE-2024-23320 is a legacy issue from CVE-2023-49299, which was not fully resolved.