5 matches found
CVE-2023-46302
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order tohandle YAML requests (using application/yaml content-type), it define...
CVE-2024-36265
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or ...
CVE-2024-36264
** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set submarine.auth.default.secret, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do n...
CVE-2024-36263
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fix...
CVE-2023-37924
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login.Now we have fixed this issue and now user must have the correct login to access workbench.This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We ...