{"vulnerability": "CVE-2023-4929", "sightings": [{"uuid": "c959de00-f02d-4a53-8116-3f4bac12be64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4345", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-49299\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: Improper Input Validation vulnerability in Apache DolphinScheduler. An\u00a0authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.\n\nUsers are recommended to upgrade to version 3.1.9, which fixes the issue.\n\ud83d\udccf Published: 2023-12-30T18:30:37Z\n\ud83d\udccf Modified: 2025-02-13T19:30:08Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-49299\n2. https://github.com/apache/dolphinscheduler/pull/15228\n3. https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2\n4. https://github.com/apache/dolphinscheduler\n5. https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm\n6. http://www.openwall.com/lists/oss-security/2024/02/23/3", "creation_timestamp": "2025-02-13T20:15:46.000000Z"}, {"uuid": "654d793c-9448-4d61-b879-201b13e5dfc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-49291", "type": "seen", "source": "https://gist.github.com/krstp/6674b8ed7627efed95a167a099a0b67b", "content": "", "creation_timestamp": "2025-03-18T15:27:29.000000Z"}, {"uuid": "423737b7-8811-46e7-bde5-6a3064322882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49293", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mihlnmjq6h2f", "content": "", "creation_timestamp": "2026-04-01T21:02:37.122036Z"}, {"uuid": "60ea0704-3c10-472b-af4b-8b6484563e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "seen", "source": "https://t.me/cibsecurity/74035", "content": "\u203c\ufe0fCVE-2023-49299\u203c\ufe0f\n\nImproper Input Validation vulnerability in Apache DolphinScheduler. An\u00a0authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler until 3.1.9.  Users are recommended to upgrade to version 3.1.9, which fixes the issue.  \n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2023-12-31T01:32:20.000000Z"}, {"uuid": "5dddd8e0-675b-4da5-a329-a48b2a2d019d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49298", "type": "seen", "source": "https://t.me/ctinow/155426", "content": "https://ift.tt/mSgCKNp\nCVE-2023-49298 | OpenZFS up to 2.1.13/2.2.1 /etc/hosts.deny access control (ID 15526)", "creation_timestamp": "2023-12-16T15:17:59.000000Z"}, {"uuid": "0e18dd40-3993-4a89-8ff3-adbc21bf00cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4929", "type": "seen", "source": "https://t.me/cibsecurity/71510", "content": "\u203c CVE-2023-4929 \u203c\n\nAll firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-03T18:46:19.000000Z"}, {"uuid": "195f4c95-54ec-42c4-ba90-c0f10e0e35fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "seen", "source": "https://t.me/ctinow/170860", "content": "https://ift.tt/oyjEn6L\nCVE-2023-49299 | Apache DolphinScheduler up to 3.1.9 code injection", "creation_timestamp": "2024-01-21T15:16:15.000000Z"}, {"uuid": "9ca9a03d-dc18-478e-a5c7-1c4d66ba7f8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "seen", "source": "https://t.me/ctinow/160938", "content": "https://ift.tt/Ej9h34p\nCVE-2023-49299", "creation_timestamp": "2023-12-30T18:26:12.000000Z"}, {"uuid": "9f0bc99e-9b95-4f8a-ae6d-4709dd78c93e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49295", "type": "seen", "source": "https://t.me/ctinow/174969", "content": "https://ift.tt/zYuyRVh\nCVE-2023-49295 | quic-go Path Validation denial of service", "creation_timestamp": "2024-01-28T15:26:38.000000Z"}, {"uuid": "2491291d-aaa0-4e75-9b46-1a20444da42c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49292", "type": "seen", "source": "https://t.me/ctinow/158808", "content": "https://ift.tt/Nkqm7l1\nCVE-2023-49292 | ecies go 2.0.8 Encapsulate/Decapsulate/ECDH information disclosure (GHSA-8j98-cjfr-qx3h)", "creation_timestamp": "2023-12-23T13:11:28.000000Z"}, {"uuid": "59beb6bb-ae1a-407e-b34c-d78ef8a3771a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49291", "type": "seen", "source": "https://t.me/ctinow/158804", "content": "https://ift.tt/rg9cPdK\nCVE-2023-49291 | tj-actions branch-names up to 7.0.6 input validation (GHSA-8v8w-v8xg-79rf)", "creation_timestamp": "2023-12-23T12:41:37.000000Z"}, {"uuid": "5c80b106-8cb9-4e98-a110-b25cbd57d68c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49295", "type": "seen", "source": "https://t.me/ctinow/166367", "content": "https://ift.tt/gfd1W3E\nCVE-2023-49295", "creation_timestamp": "2024-01-11T08:46:30.000000Z"}, {"uuid": "c34e7e6f-dcfe-4584-b5ef-2bb841d7aebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49297", "type": "seen", "source": "https://t.me/ctinow/159037", "content": "https://ift.tt/WTjIk14\nCVE-2023-49297 | iterative PyDrive2 1.17.0 YAML deserialization (GHSA-v5f6-hjmf-9mc5)", "creation_timestamp": "2023-12-24T15:26:19.000000Z"}, {"uuid": "2e9d7005-df91-4442-8f81-e2acd3ea9254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49296", "type": "seen", "source": "https://t.me/ctinow/165790", "content": "https://ift.tt/ptfRuwg\nCVE-2023-49296 | Arduino Create Agent up to 1.3.5 Web Interface /certificate.crt cross site scripting (GHSA-j5hc-wx84-844h)", "creation_timestamp": "2024-01-10T14:07:03.000000Z"}, {"uuid": "c8e91b84-6b73-4661-aaef-ee7017bac106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49298", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2338", "content": "#exploit\n1. CVE-2023-51385:\nSSH ProxyCommand == unexpected code execution\nhttps://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html\n2. CVE-2023-49298:\nOpenZFS security bypass\nhttps://github.com/openzfs/zfs/pull/15571", "creation_timestamp": "2024-08-16T08:57:37.000000Z"}, {"uuid": "1419ebac-d9cf-4036-8a9b-126002d07ced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49298", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9649", "content": "#exploit\n1. CVE-2023-51385:\nSSH ProxyCommand == unexpected code execution\nhttps://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html\n\n2. CVE-2023-49298:\nOpenZFS security bypass\nhttps://github.com/openzfs/zfs/pull/15571", "creation_timestamp": "2024-12-24T01:14:04.000000Z"}, {"uuid": "7c3091b3-0a9b-4a07-a575-ae4a030d1332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-49297", "type": "published-proof-of-concept", "source": "https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5", "content": "", "creation_timestamp": "2023-12-05T13:13:17.000000Z"}, {"uuid": "f465f7a0-f898-4c20-b2c6-d64e00e95cdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-49293", "type": "published-proof-of-concept", "source": "https://github.com/vitejs/vite/security/advisories/GHSA-92r3-m2mg-pj97", "content": "", "creation_timestamp": "2023-12-04T22:07:59.000000Z"}, {"uuid": "60c6477a-07b8-4860-ba9d-01916f44691f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-49290", "type": "published-proof-of-concept", "source": "https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf", "content": "", "creation_timestamp": "2023-12-03T07:27:59.000000Z"}]}