CVE-2024-36263

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS

No CVSS.

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/06/12/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/06/12/1	Mailing List Third Party Advisory
https://github.com/apache/submarine/pull/1121	Exploit Issue Tracking Patch
https://github.com/apache/submarine/pull/1121	Exploit Issue Tracking Patch
https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt	Mailing List Vendor Advisory
https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*

History

15 Jul 2025, 16:38

Type	Values Removed	Values Added
References	~~() https://github.com/apache/submarine/pull/1121 -~~	() https://github.com/apache/submarine/pull/1121 - Exploit, Issue Tracking, Patch
References	~~() https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt -~~	() https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt - Mailing List, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2024/06/12/1 -~~	() http://www.openwall.com/lists/oss-security/2024/06/12/1 - Mailing List, Third Party Advisory
CPE		cpe:2.3:a:apache:submarine::::::::
First Time		Apache Apache submarine

13 Feb 2025, 18:18

Type	Values Removed	Values Added
Summary	UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CWE	~~CWE-89~~

12 Jun 2024, 17:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2024/06/12/1 -

12 Jun 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-12 14:15

Updated : 2025-07-15 16:38

NVD link : CVE-2024-36263

Mitre link : CVE-2024-36263

JSON object : View

Products Affected

apache

submarine

CWE

No CWE.

JSON object

Attach tags to CVE-2024-36263

Attach tags to `CVE-2024-36263`