PyPi: Apache-Submarine

CVE-2024-36265

Safety vulnerability ID: 78728

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 12, 2024 Updated at Aug 18, 2025

Advisory

Affected versions of the apache-submarine package (specifically the submarine-server-core module) are vulnerable to Improper Authorization due to missing access control enforcement in the service’s core operations. The submarine-server-core component fails to verify user permissions before granting access, allowing any remote actor to bypass authorization checks. A remote attacker can exploit this by sending network requests to the submarine-server-core interface, gaining unauthorized access to sensitive data and functions, resulting in both confidentiality and integrity compromise.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected package

apache-submarine

Latest version: 0.8.0

A python SDK for submarine

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH