2 matches found
Apache Submarine SQL Injection Vulnerability
Apache Submarine is a cloud-native machine learning platform from the Apache USA Foundation. A security vulnerability exists in Apache Submarine versions 0.7.0 through 0.8.0 that stems from the presence of a SQL injection vulnerability that could lead to unauthorized logins...
Design/Logic Flaw
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...