Eluen Siebene

#15264 of 53,635
17.6 Total CVSS
Vulnerabilities · 2
High: 2
PT-2024-19808
8.8
2024-02-23
Apache · Apache Dolphinscheduler · CVE-2024-23320
**Name of the Vulnerable Software and Affected Versions**
Apache DolphinScheduler (affected versions not specified)

**Description**
The issue is an Improper Input Validation vulnerability that allows an authenticated user to execute arbitrary, unsandboxed JavaScript on the server. This can lead to arbitrary JavaScript execution as root for authenticated users.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-31159
8.8
2023-12-29
Apache · Apache Dolphinscheduler · CVE-2023-49299
**Name of the Vulnerable Software and Affected Versions**
Apache DolphinScheduler versions prior to 3.1.9

**Description**
The issue is related to an Improper Input Validation vulnerability, allowing an authenticated user to cause arbitrary, unsandboxed JavaScript to be executed on the server. This can lead to arbitrary code execution. The severity of this issue is marked as important.

**Recommendations**
To resolve the issue, users are recommended to upgrade to version 3.1.9, which fixes the issue. As a temporary workaround, consider restricting access to sensitive areas of the server to minimize the risk of exploitation.