Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx
Apache Answer Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.
Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.
Users are recommended to upgrade to version 1.2.5, which fixes the issue.
Permalink: https://github.com/advisories/GHSA-9q24-hwmc-797x
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 months ago
Updated: 9 months ago
Identifiers: GHSA-9q24-hwmc-797x, CVE-2024-26578
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-26578
- https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb
- http://www.openwall.com/lists/oss-security/2024/02/22/3
- https://github.com/advisories/GHSA-9q24-hwmc-797x
Affected Packages
go:github.com/apache/incubator-answer
Dependent packages: 21
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 1.2.5
Fixed in: 1.2.5
All affected versions: 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1
All unaffected versions: 1.2.5