Description
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue.
References (3)
Core 3
Core References
Patch, Vendor Advisory patch
https://github.com/apache/dolphinscheduler/pull/15228
Mailing List, Vendor Advisory vendor-advisory
https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
Scores
CVSS v3
8.8
EPSS
0.0059
EPSS Percentile
69.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (2)
apache/dolphinscheduler
< 3.1.9
org.apache.dolphinscheduler/dolphinscheduler-master
0 - 3.1.9Maven
Published
Dec 30, 2023
Tracked Since
Feb 18, 2026