Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2023-96664
HistoryNov 22, 2023 - 12:00 a.m.

Apache Submarine Deserialization Vulnerability

2023-11-2200:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
apache submarine
cloud-native
machine learning
deserialization vulnerability
snakeyaml
serialized data
user submission
code execution
attacker

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

59.4%

Apache Submarine is a cloud-native machine learning platform from the Apache (USA) Foundation. Apache Submarine suffers from a deserialization vulnerability that stems from unsafe deserialization processing by snakeyaml when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution.

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

59.4%

Related for CNVD-2023-96664