Vulnerability Database

308,485

Total vulnerabilities in the database

CVE-2024-29831

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

Published: Aug 12, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-29831
GHSA: GHSA-m9q4-p56m-mc6q
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
org.apache.dolphinscheduler / dolphinscheduler	-	3.2.2
apache / dolphinscheduler	-	3.2.2

http://www.openwall.com/lists/oss-security/2024/08/09/6
https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo