CVE-2023-49299: Improper Input Validation

December 30, 2023 (updated January 5, 2024)

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.

Users are recommended to upgrade to version 3.1.9, which fixes the issue.

References

github.com/apache/dolphinscheduler/pull/15228
lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm
nvd.nist.gov/vuln/detail/CVE-2023-49299

Code Behaviors & Features

Detect and mitigate CVE-2023-49299 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →