CVE-2024-29831

EPSS 0.25%
Published 12.08.2024 13:38:18
Last modified 18.03.2025 15:56:38
Source security@apache.org
Teams watchlist Login
Open Login

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Dolphinscheduler Version < 3.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.487

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0

Vendor Advisory

http://www.openwall.com/lists/oss-security/2024/08/09/6

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-29831

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29831

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29831

EUVD