apache-submarine
PyPI | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting apache-submarine
- CVE-2023-37924 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.8.0 | 2023-11-22
vulnerable: 0.7.0, 0.8.0.dev0
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. Thi…
- CVE-2023-46302 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.8.0 | 2023-11-20
vulnerable: 0.7.0, 0.8.0.dev0
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handl…
- CVE-2024-36264 | CRITICAL | CVSS 9.8 | EG 6.5 | 2024-06-12
vulnerable: 0.8.0
** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submari…
- CVE-2024-36265 | CRITICAL | CVSS 9.8 | EG 9.1 | 2024-06-12
vulnerable: 0.8.0
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixe…