CVE-2024-36263: Apache Submarine Server Core has a SQL Injection Vulnerability

June 12, 2024 (updated February 13, 2025)

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Submarine Server Core.

This issue affects Apache Submarine Server Core: all versions.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

github.com/advisories/GHSA-v74c-qc46-9gg9
github.com/apache/submarine
github.com/apache/submarine/commit/4e68894a1c54d763ac2697ea1ac993793da4107c
github.com/apache/submarine/pull/1121
lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt
nvd.nist.gov/vuln/detail/CVE-2024-36263

Code Behaviors & Features

Detect and mitigate CVE-2024-36263 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →