From: Arnout Engelen
To: oss-security@lists.openwall.com
Message-ID: <58b27eb6-b696-f831-b78e-6e28bac5083e@apache.org>
Date: Wed, 12 Jun 2024 14:02:32 +0000
Subject: [oss-security] CVE-2024-36263: Apache Submarine Server Core: SQL injection

Severity: important

Affected versions:

- Apache Submarine Server Core: all versions

Description:

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.

This issue affects Apache Submarine Server Core: all versions.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Credit:

BaoChengZhang of LengJingQiCaiSecurityLab (finder)
L0ne1y (finder)

References:

https://github.com/apache/submarine/pull/1121
https://submarine.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-36263