Apache Submarine is a cloud-native machine learning platform from the Apache (USA) Foundation. Apache Submarine suffers from a deserialization vulnerability that stems from unsafe deserialization processing by snakeyaml when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution.
CPE | Name | Operator | Version |
---|---|---|---|
apache submarine >=0.7.0, | lt | 0.8.0 |