CVE-2024-29831: Apache DolphinScheduler: RCE by arbitrary js execution

August 12, 2024 (updated March 19, 2025)

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

References

github.com/advisories/GHSA-m9q4-p56m-mc6q
github.com/apache/dolphinscheduler
lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0
nvd.nist.gov/vuln/detail/CVE-2024-29831

Code Behaviors & Features

Detect and mitigate CVE-2024-29831 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →