[GHSA-rc6h-qwj9-2c53] Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users #4441

westonsteimel · 2024-05-17T16:02:36Z

Updates

Affected products

Comments
From the fix commit apache/dolphinscheduler@ef9ed3d the change was to the dolphinscheduler-master component.

Apache also specify it specifically in the CVE json: https://github.com/CVEProject/cvelistV5/blob/1c8cd9a8eaea06fdc2108233b3c3d2144e097dd4/cves/2024/23xxx/CVE-2024-23320.json#L19

advisory-database · 2024-05-20T20:46:19Z

Hi @westonsteimel! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

Improve GHSA-rc6h-qwj9-2c53

9f9e2da

github-actions bot changed the base branch from main to westonsteimel/advisory-improvement-4441 May 17, 2024 16:03

advisory-database bot merged commit 093e726 into westonsteimel/advisory-improvement-4441 May 20, 2024
2 checks passed

advisory-database bot deleted the westonsteimel-GHSA-rc6h-qwj9-2c53 branch May 20, 2024 20:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHSA-rc6h-qwj9-2c53] Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users #4441

[GHSA-rc6h-qwj9-2c53] Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users #4441

westonsteimel commented May 17, 2024

advisory-database bot commented May 20, 2024

[GHSA-rc6h-qwj9-2c53] Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users #4441

[GHSA-rc6h-qwj9-2c53] Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users #4441

Conversation

westonsteimel commented May 17, 2024

advisory-database bot commented May 20, 2024