CVE-2024-36265

CRITICAL9.1EPSS 0.38%

Apache Submarine Server Core Incorrect Authorization vulnerability

Published: 6/12/2024Modified: 2/13/2025

Also known as:GHSA-6q97-8v3g-rpxwPYSEC-2024-98

Description

Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected packages (3)

Maven/org.apache.submarine:submarine-server-core
PyPI/apache-submarine
PyPI/apache-submarine>= 0.8.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-36265
PATCHhttps://github.com/apache/submarine
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/apache-submarine/PYSEC-2024-98.yaml
WEBhttps://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz
WEBhttp://www.openwall.com/lists/oss-security/2024/06/12/3