PT-2023-31159 · Apache · Apache DolphinScheduler

Eluen Siebene · Published 2023-12-29 · Updated 2025-03-18 · CVE-2023-49299

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache DolphinScheduler versions prior to 3.1.9

Description

The issue is related to an Improper Input Validation vulnerability, allowing an authenticated user to cause arbitrary, unsandboxed JavaScript to be executed on the server. This can lead to arbitrary code execution. The severity of this issue is marked as important.

Recommendations

To resolve the issue, users are recommended to upgrade to version 3.1.9, which fixes the issue. As a temporary workaround, consider restricting access to sensitive areas of the server to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-49299
GHSA-V7HG-77V9-2445

Affected Products

Apache DolphinScheduler