{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T11:58:47.993","vulnerabilities":[{"cve":{"id":"CVE-2024-49587","sourceIdentifier":"cve-coordination@palantir.com","published":"2025-12-19T17:15:50.643","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances"}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@palantir.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"cve-coordination@palantir.com","type":"Secondary","description":[{"lang":"en","value":"CWE-305"}]}],"references":[{"url":"https://palantir.safebase.us/?tcuUid=95e2d805-dd2f-4544-b164-e61100f47b11","source":"cve-coordination@palantir.com"}]}}]}