First published: Wed Jun 12 2024(Updated: )
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.apache.submarine:submarine-server-core | <=0.8.0 | |
Apache Submarine | >=0.8.0 | |
pip/apache-submarine | >=0.8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-36265 is classified as an Incorrect Authorization vulnerability.
There is no fix for CVE-2024-36265 since the Apache Submarine project is retired.
CVE-2024-36265 affects Apache Submarine Server Core versions up to and including 0.8.0.
No, Apache Submarine is no longer supported and will not receive updates or fixes.
Users of vulnerable versions of Apache Submarine are advised to migrate to an alternative solution.