CVE-2023-49299

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 30, 2023
Updated: Feb 23, 2024
CWE ID 20

Summary

CVE-2023-49299 is an Input Validation vulnerability affecting Apache DolphinScheduler. An authenticated user can exploit this flaw to execute arbitrary, unsandboxed JavaScript code on the server. This issue poses a significant security risk and may lead to serious consequences, including data breaches and unauthorized system access. To mitigate this vulnerability, it is strongly advised for Apache DolphinScheduler users to upgrade to the latest version, 3.1.9, which includes the necessary fixes.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Apache DolphinScheduler

Affected Vendors

  • Apache Software Foundation