VYPR

Gotham

by Palace

CVEs (5)

  • CVE-2023-30968 | Med | Mar 12, 2024
    risk 0.44 | cvss 6.8 | epss 0.00

    One of the Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross-site scripting payload on the stack.

  • CVE-2023-30961 | Med | Sep 27, 2023
    risk 0.42 | cvss 6.5 | epss 0.00

    Palantir Gotham was found to be vulnerable to a bug where, under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.

  • CVE-2022-27897 | Med | Feb 16, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch…

  • CVE-2022-27892 | Med | Feb 16, 2023
    risk 0.34 | cvss 5.3 | epss 0.01

    Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.

  • CVE-2022-27891 | Med | Feb 16, 2023
    risk 0.34 | cvss 5.3 | epss 0.00

    Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade…