CVE-2024-36265 — Apache Submarine Server Core Incorrect Authorization vulnerability

Description

Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

How to fix CVE-2024-36265

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed
—no fix listed
—no fix listed

Is CVE-2024-36265 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

>= 0.8.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (6)

ADVISORYgithub.com/advisories/GHSA-6q97-8v3g-rpxw
ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-36265
PATCHgithub.com/apache/submarine
WEBgithub.com/pypa/advisory-database/tree/main/vulns/apache-submarine/PYSEC-2024-98.yaml