CVE advisoryCRITICAL
CVE-2024-36265
Apache Submarine Core Authentication Bypass Vulnerability.
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A critical authorization vulnerability in Apache Submarine Server Core allows unauthenticated access via crafted REST requests. Because this project is retired and unsupported, there will be no official fix, and users should restrict access or find alternatives. This issue could impact system data and service behavior