PT-2024-23070 · Apache · Apache Dolphinscheduler

L0Ne1Y +2 · Published 2024-08-09 · Updated 2024-08-16 · CVE-2024-29831

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache DolphinScheduler versions prior to 3.2.2

Description

The issue is related to improper input validation, allowing an authenticated user to execute arbitrary, unsandboxed JavaScript on the server. This can potentially lead to remote code execution.

Recommendations

For versions prior to 3.2.2, upgrade to version 3.2.2 to resolve the issue. If you are using the switch task plugin, please upgrade to version 3.2.2. As a temporary workaround, consider restricting access to the switch task plugin until the upgrade is applied.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-29831
GHSA-M9Q4-P56M-MC6Q

Affected Products

Apache Dolphinscheduler