{"schema_version": "1.6.1", "id": "CVE-2023-49299", "summary": "Arbitrary js execute as root for authenticated users", "details": "Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.\n\nUsers are recommended to upgrade to version 3.1.9, which fixes the issue.\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "3.1.9"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/apache/dolphinscheduler/pull/15228"}, {"type": "WEB", "url": "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm"}]}