mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
48 lines
1.6 KiB
JSON
48 lines
1.6 KiB
JSON
{
|
|
"id": "CVE-2024-23320",
|
|
"sourceIdentifier": "security@apache.org",
|
|
"published": "2024-02-23T17:15:08.570",
|
|
"lastModified": "2024-02-23T19:31:25.817",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.\n\nThis issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.\n\nThis issue affects Apache DolphinScheduler: until 3.2.1.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.\n\n"
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security@apache.org",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2024/02/23/3",
|
|
"source": "security@apache.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/apache/dolphinscheduler/pull/15487",
|
|
"source": "security@apache.org"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq",
|
|
"source": "security@apache.org"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp",
|
|
"source": "security@apache.org"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm",
|
|
"source": "security@apache.org"
|
|
}
|
|
]
|
|
} |