[{"vendor":"apache","product":"submarine","defaultStatus":"unaffected","cpes":["cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThanOrEqual":"*","versionType":"semver","status":"affected"}]}]

{"timestamp":"2024-08-21T14:40:13.638639Z","id":"CVE-2024-36263","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Apache Software Foundation","product":"Apache Submarine Server Core","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.submarine:submarine-server-core","versions":[{"version":"0","lessThanOrEqual":"*","versionType":"semver","status":"affected"}]}]

OR
          *cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*

Apache Software Foundation: http://www.openwall.com/lists/oss-security/2024/06/12/1 Types: Mailing List, Third Party Advisory

Apache Software Foundation: https://github.com/apache/submarine/pull/1121 Types: Exploit, Issue Tracking, Patch

Apache Software Foundation: https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt Types: Mailing List, Vendor Advisory

CVE: http://www.openwall.com/lists/oss-security/2024/06/12/1 Types: Mailing List, Third Party Advisory

CVE: https://github.com/apache/submarine/pull/1121 Types: Exploit, Issue Tracking, Patch

CVE: https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt Types: Mailing List, Vendor Advisory

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.

This issue affects Apache Submarine Server Core: all versions.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.

This issue affects Apache Submarine Server Core: all versions.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

http://www.openwall.com/lists/oss-security/2024/06/12/1

https://github.com/apache/submarine/pull/1121

https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt

CISA-ADP AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Apache Software Foundation http://www.openwall.com/lists/oss-security/2024/06/12/1 [No types assigned]

Apache Software Foundation unsupported-when-assigned

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.

This issue affects Apache Submarine Server Core: all versions.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Apache Software Foundation CWE-89

Apache Software Foundation https://github.com/apache/submarine/pull/1121 [No types assigned]

Apache Software Foundation https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt [No types assigned]