Vulnerabilities > Apache > Submarine > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-12 | CVE-2024-36265 | Incorrect Authorization vulnerability in Apache Submarine 0.8.0 ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. | 9.8 |
| 2024-06-12 | CVE-2024-36264 | Unspecified vulnerability in Apache Submarine 0.8.0 ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. | 9.8 |
| 2023-11-22 | CVE-2023-37924 | SQL Injection vulnerability in Apache Submarine 0.7.0 Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. | 9.8 |
| 2023-11-20 | CVE-2023-46302 | Deserialization of Untrusted Data vulnerability in Apache Submarine 0.7.0 Apache Software Foundation Apache Submarine has a bug when serializing against yaml. | 9.8 |