Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2023-96664
HistoryNov 22, 2023 - 12:00 a.m.

Apache Submarine Deserialization Vulnerability

2023-11-2200:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
apache submarine
cloud-native
machine learning
deserialization vulnerability
snakeyaml
serialized data
user submission
code execution
attacker

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.5%

JSON

Apache Submarine is a cloud-native machine learning platform from the Apache (USA) Foundation. Apache Submarine suffers from a deserialization vulnerability that stems from unsafe deserialization processing by snakeyaml when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution.

CPENameOperatorVersion
apache submarine >=0.7.0,lt0.8.0

Related

osv 3
cve 1
nvd 1
prion 1
github 1
cvelist 1
osv
osv
PYSEC-2023-240
2023-11-20 09:15:00
Deserialization of Untrusted Data in apache-submarine
2023-11-20 09:30:31
CVE-2023-46302
2023-11-20 09:15:07
cve
cve
CVE-2023-46302
2023-11-20 09:15:07
nvd
nvd
CVE-2023-46302
2023-11-20 09:15:07
prion
prion
Design/Logic Flaw
2023-11-20 09:15:00
github
github
Deserialization of Untrusted Data in apache-submarine
2023-11-20 09:30:31
cvelist
cvelist
CVE-2023-46302 Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization
2023-11-20 08:46:56

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.5%

JSON
Related for CNVD-2023-96664
osv3cve1nvd1prion1github1cvelist1