CVE-2023-49299: Improper Input Validation

December 30, 2023 (updated January 3, 2024)

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.

Users are recommended to upgrade to version 3.1.9, which fixes the issue.

References

github.com/advisories/GHSA-v7hg-77v9-2445
github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2
github.com/apache/dolphinscheduler/pull/15228
lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
nvd.nist.gov/vuln/detail/CVE-2023-49299

Detect and mitigate CVE-2023-49299 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →