CVE-2024-36263

June 12, 2024, 5:15 p.m.

None
No Score

Description

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Product(s) Impacted

Product Versions
Apache Submarine Server Core
  • ['all versions']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

http://www.openwall.com/lists/oss-security/2024/06/12/1
https://github.com/apache/submarine/pull/1121
https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt

Tags

security@apache.org
CWE-89
2024-06-12
CVE-2024-36263

Timeline

Published: June 12, 2024, 2:15 p.m.
Last Modified: June 12, 2024, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@apache.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.