github.com/apache/incubator-answer
Go
9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/apache/incubator-answer (page 1 of 1)
- CVE-2023-49619 | LOW | CVSS 3.1 | EG 3.1 | ✓ Fixed in 1.2.1 | 2024-01-10
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question …
- CVE-2024-22393 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 1.2.5 | 2024-02-22
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause…
- CVE-2024-23349 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 1.2.5 | 2024-02-22
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying the…
- CVE-2024-26578 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 1.2.5 | 2024-02-22
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registrati…
- CVE-2024-29217 | MEDIUM | CVSS 4.6 | EG 4.6 | ✓ Fixed in 1.3.0 | 2024-04-21
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modi…
- CVE-2024-40761 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.4.0 | 2024-09-25
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official …
- CVE-2024-41888 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.3.6 | 2024-08-12
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This co…
- CVE-2024-41890 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.3.6 | 2024-08-12
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity per…
- CVE-2024-45719 | LOW | CVSS 2.6 | EG 2.6 | ✓ Fixed in 1.4.1 | 2024-11-22
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be pred…