PT-2023-7201 · Apache · Apache Submarine

Lengjingqicai · Published 2023-11-22 · Updated 2023-11-30 · CVE-2023-37924

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Submarine versions 0.7.0 through 0.7.x

Description: An SQL injection vulnerability in the Apache Submarine user login path potentially allows a remote attacker to execute arbitrary SQL queries, resulting in unauthorized login.

Recommendations: For Apache Submarine versions 0.7.0 through 0.7.x, upgrade to version 0.8.0, which fixes the issue and supports the OIDC authentication mode, removing the possibility of unauthenticated logins. If you are on a version lower than 0.8.0 and do not want to upgrade, cherry-pick the PR and rebuild the submarine-server image to fix this.

Fix

Weakness Enumeration

SQL injection

Related Identifiers

BDU:2023-08228
CVE-2023-37924
GHSA-V5GJ-FX3G-HCPW
PYSEC-2023-244

Affected Products

Apache Submarine