CVE-2024-29831

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 12, 2024

CWE ID 20

Summary

CVE-2024-29831 is a newly identified vulnerability affecting Apache DolphinScheduler. This issue involves improper input validation, allowing authenticated users to execute arbitrary, unsandboxed JavaScript code on the server. Users who utilize the switch task plugin are advised to upgrade to version 3.2.2 to mitigate this risk. This vulnerability could potentially be exploited to gain unauthorized access, disrupt services, or steal sensitive data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vJLv57
https://www.cve.org/CVERecord?id=CVE-2024-29831
https://nvd.nist.gov/vuln/detail/CVE-2024-29831

Back to Vulnerability Database

CVE-2024-29831

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations