Vulnerabilities > Apache > Submarine > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2024-36265 Unspecified vulnerability in Apache Submarine 0.8.0
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue.
network
low complexity
apache
critical
9.8
2024-06-12 CVE-2024-36264 Unspecified vulnerability in Apache Submarine 0.8.0
** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue.
network
low complexity
apache
critical
9.8
2023-11-22 CVE-2023-37924 Unspecified vulnerability in Apache Submarine 0.7.0
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in.
network
low complexity
apache
critical
9.8
2023-11-20 CVE-2023-46302 Unspecified vulnerability in Apache Submarine 0.7.0
Apache Software Foundation Apache Submarine has a bug when serializing against yaml.
network
low complexity
apache
critical
9.8