Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 29 Dec 2023 02:54:22 +0000
From: Jiajie Zhong <>
Subject: CVE-2023-49299: Apache DolphinScheduler: Arbitrary js execute as
 root for authenticated users 

Severity: important

Affected versions:

- Apache DolphinScheduler through 3.1.9


Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: through 3.1.9.

Users are recommended to upgrade to version 3.1.9, which fixes the issue.


Eluen Siebene (finder)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.