Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27891 | 1 Palantir | 1 Gotham | 2023-02-24 | N/A | 5.3 MEDIUM |
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0. | |||||
CVE-2022-27892 | 1 Palantir | 1 Gotham | 2023-02-24 | N/A | 7.5 HIGH |
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | |||||
CVE-2022-27897 | 1 Palantir | 1 Gotham | 2023-02-24 | N/A | 7.5 HIGH |
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server. |