CVE-2023-37924

CWE-89 SQL Injection | 5 documents | 4 sources
Severity: 9.8 CRITICAL
EPSS: 77.1% (top 1.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 22

Description

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. We have now fixed this issue, and a user must have the correct login to access the workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all Submarine users on 0.7.0 upgrade to 0.8.0, which not only fixes the issue and supports the OIDC authentication mode, but also removes the case of unauthenticated logins. If using th

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD | apache/submarine | 0.7.0 | 0.8.0
PyPI | apache-submarine | 0.7.0 | 0.8.0

Vulnerability Details (4)

GHSA: SQL injection in Apache Submarine (2023-11-22)
OSV: CVE-2023-37924: Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in (2023-11-22)
OSV: SQL injection in Apache Submarine (2023-11-22)
CVEList: Apache Submarine: SQL injection from unauthorized login (2023-11-22)
CVE-2023-37924 (CRITICAL CVSS 9.8) | Apache Software Foundation Apache S | cvebase.io