CVE-2024-29831

EPSS 0.34%
Veröffentlicht 12.08.2024 13:38:18
Zuletzt bearbeitet 18.03.2025 15:56:38
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache DolphinScheduler: RCE by arbitrary js execution

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Dolphinscheduler Version < 3.2.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.564

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0

Vendor Advisory

http://www.openwall.com/lists/oss-security/2024/08/09/6

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-29831

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29831

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29831

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-29831