{
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
      },
      "title": "RCE by arbitrary js execution",
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "cweId": "CWE-20",
              "type": "CWE"
            }
          ]
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "affected": [
        {
          "vendor": "Apache Software Foundation",
          "product": "Apache DolphinScheduler",
          "versions": [
            {
              "status": "affected",
              "version": "0",
              "lessThanOrEqual": "3.2.1",
              "versionType": "semver"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "descriptions": [
        {
          "value": "Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.\n",
          "lang": "en",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "Improper Input Validation vulnerability in Apache DolphinScheduler. An <span style=\"background-color: rgb(255, 255, 255);\">authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.<br></span>"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "other": {
            "type": "Textual description of severity",
            "content": {
              "text": "moderate"
            }
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "yerest",
          "type": "reporter"
        },
        {
          "lang": "en",
          "value": "L0ne1y",
          "type": "reporter"
        },
        {
          "lang": "en",
          "value": "My Long",
          "type": "reporter"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "cveId": "CVE-2024-29831",
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0"
}