Gotham
by Palace
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30968 | Med | 0.44 | 6.8 | 0.00 | Mar 12, 2024 | One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack. | ||
| CVE-2023-30961 | Med | 0.42 | 6.5 | 0.00 | Sep 27, 2023 | Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link. | ||
| CVE-2022-27897 | Med | 0.34 | 5.3 | 0.01 | Feb 16, 2023 | Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch… | ||
| CVE-2022-27892 | Med | 0.34 | 5.3 | 0.01 | Feb 16, 2023 | Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | ||
| CVE-2022-27891 | Med | 0.34 | 5.3 | 0.00 | Feb 16, 2023 | Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade… |
- risk 0.44cvss 6.8epss 0.00
One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.
- risk 0.42cvss 6.5epss 0.00
Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.
- risk 0.34cvss 5.3epss 0.01
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch…
- risk 0.34cvss 5.3epss 0.01
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.
- risk 0.34cvss 5.3epss 0.00
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade…