Filtered by vendor Palantir
Subscriptions
Filtered by product Gotham
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49587 | 1 Palantir | 1 Gotham | 2025-12-21 | 9.1 Critical |
| Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances | ||||
| CVE-2022-27891 | 1 Palantir | 1 Gotham | 2025-03-18 | 5.3 Medium |
| Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0. | ||||
| CVE-2022-27892 | 1 Palantir | 1 Gotham | 2025-03-18 | 5.3 Medium |
| Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | ||||
| CVE-2022-27897 | 1 Palantir | 1 Gotham | 2025-03-18 | 5.3 Medium |
| Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server. | ||||
Page 1 of 1.