{"vulnerability": "cve-2023-49299", "sightings": [{"uuid": "c959de00-f02d-4a53-8116-3f4bac12be64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4345", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-49299\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: Improper Input Validation vulnerability in Apache DolphinScheduler. An\u00a0authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.\n\nUsers are recommended to upgrade to version 3.1.9, which fixes the issue.\n\ud83d\udccf Published: 2023-12-30T18:30:37Z\n\ud83d\udccf Modified: 2025-02-13T19:30:08Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-49299\n2. https://github.com/apache/dolphinscheduler/pull/15228\n3. https://github.com/apache/dolphinscheduler/commit/b5eddc0ce85d379080a51bf2162477f7d8c1b7d2\n4. https://github.com/apache/dolphinscheduler\n5. https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm\n6. http://www.openwall.com/lists/oss-security/2024/02/23/3", "creation_timestamp": "2025-02-13T20:15:46.000000Z"}, {"uuid": "60ea0704-3c10-472b-af4b-8b6484563e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "seen", "source": "https://t.me/cibsecurity/74035", "content": "\u203c\ufe0fCVE-2023-49299\u203c\ufe0f\n\nImproper Input Validation vulnerability in Apache DolphinScheduler. An\u00a0authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler until 3.1.9.  Users are recommended to upgrade to version 3.1.9, which fixes the issue.  \n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2023-12-31T01:32:20.000000Z"}, {"uuid": "195f4c95-54ec-42c4-ba90-c0f10e0e35fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "seen", "source": "https://t.me/ctinow/170860", "content": "https://ift.tt/oyjEn6L\nCVE-2023-49299 | Apache DolphinScheduler up to 3.1.9 code injection", "creation_timestamp": "2024-01-21T15:16:15.000000Z"}, {"uuid": "9ca9a03d-dc18-478e-a5c7-1c4d66ba7f8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49299", "type": "seen", "source": "https://t.me/ctinow/160938", "content": "https://ift.tt/Ej9h34p\nCVE-2023-49299", "creation_timestamp": "2023-12-30T18:26:12.000000Z"}]}