Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf
Apache Answer Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.2.0.
Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.
Users are recommended to upgrade to version [1.2.1], which fixes the issue.
Permalink: https://github.com/advisories/GHSA-f899-4mr4-fqpvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 4 months ago
Updated: 4 months ago
CVSS Score: 3.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-f899-4mr4-fqpv, CVE-2023-49619
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-49619
- https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4
- http://www.openwall.com/lists/oss-security/2024/01/10/1
- https://github.com/advisories/GHSA-f899-4mr4-fqpv
Affected Packages
go:github.com/apache/incubator-answer
Dependent packages: 10Dependent repositories: 0
Downloads:
Affected Version Ranges: < 1.2.1
Fixed in: 1.2.1
All affected versions: 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0
All unaffected versions: 1.2.1, 1.2.5