Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

Affected Packages

Maven org.apache.dolphinscheduler:dolphinscheduler

Affected versions: 0 (fixed in 3.2.2)

Related CVEs

CVE-2024-29831

Key Information

GHSA ID

GHSA-m9q4-p56m-mc6q

Published

August 12, 2024 3:30 PM

Last Modified

March 19, 2025 3:33 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.apache.dolphinscheduler:dolphinscheduler

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.