Lucene search: ApacheSubmarine

5 matches found

CVE
added 2023/11/20 8:46 a.m., 100 views

CVE-2023-46302

CVE-2023-46302 affects Apache Submarine (0.7.0–0.8.0 pre-upgrade) where YAML deserialization in the YamlUtils.yaml processing path (SnakeYAML-based) can lead to remote code execution. The issue arises during unmarshalling of YAML requests via JAX-RS endpoints using the application/yaml content-type; t...

CVSS 9.8 | AI score 9.5 | EPSS 0.01747

CVE
added 2024/06/12 2:12 p.m., 66 views

CVE-2024-36265

Apache Submarine Server Core (versions from 0.8.0) is affected by an Incorrect Authorization vulnerability caused by invalid authorization checks. The issue is present in a retired project and there is no planned fix. In practice, this could allow network-based exploitation without user interacti...

CVSS 9.8 | AI score 9.5 | EPSS 0.00733

CVE
added 2024/06/12 2:6 p.m., 65 views

CVE-2024-36264

CVE-2024-36264 concerns Apache Submarine Commons Utils with an improper authentication flaw. The issue arises if submarine.auth.default.secret is not set, as a default secret is used, potentially enabling unauthorized access. Affected version: 0.8.0 and later; note the project is retired and no f...

CVSS 9.8 | AI score 9.5 | EPSS 0.01008

CVE
added 2024/06/12 2:5 p.m., 60 views

CVE-2024-36263

Apache Submarine Server Core (all versions) is affected by an SQL Injection vulnerability due to improper neutralization of special elements in SQL commands. The project is retired, and there is no planned fix. CVSS‑3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (base score 8.1). Attack value is...

CVSS 8.1 | AI score 8.3 | EPSS 0.00963

CVE
added 2023/11/22 9:19 a.m., 57 views

CVE-2023-37924

Apache Submarine (subsystem: server) has an SQL injection vulnerability that allows login-time exploitation, affecting versions 0.7.0–0.8.0. The issue could enable unauthorized logins. A fix is available in version 0.8.0, which also adds OIDC support and removes unauthenticated login paths. If up...

CVSS 9.8 | AI score 9.6 | EPSS 0.07167