CVE-2023-49299

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.

Users are recommended to upgrade to version 3.1.9, which fixes the issue.

Published: Dec 30, 2023
Updated: May 4, 2025
CVE: CVE-2023-49299
GHSA: GHSA-v7hg-77v9-2445
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
org.apache.dolphinscheduler / dolphinscheduler-master	-	3.1.9
apache / dolphinscheduler	-	3.1.9

http://www.openwall.com/lists/oss-security/2024/02/23/3
https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2
https://github.com/apache/dolphinscheduler/pull/15228
https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm

Vulnerability Database

291,049

CVE-2023-49299