CVE-2024-36265

CRITICAL9.1EPSS 0.38%

Apache Submarine Server Core Incorrect Authorization vulnerability

發布日:2024/6/12修改日:2025/2/13

也稱為:GHSA-6q97-8v3g-rpxwPYSEC-2024-98

描述

Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

受影響套件(3)

Maven/org.apache.submarine:submarine-server-core
PyPI/apache-submarine
PyPI/apache-submarine>= 0.8.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-36265
PATCHhttps://github.com/apache/submarine
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/apache-submarine/PYSEC-2024-98.yaml
WEBhttps://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz
WEBhttp://www.openwall.com/lists/oss-security/2024/06/12/3