Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.
A pixel flood attack, carried out by uploading large pixel files, will cause the server to run out of memory. A logged-in user can cause such an attack by uploading an image when posting content.
Users are recommended to upgrade to version 1.2.5, which fixes the issue.
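A defensive check for the pixel flood described above, added here as an example (not Apache Answer's code and not its 1.2.5 fix): read only the image header with Go's `image.DecodeConfig` and reject uploads whose declared dimensions exceed a pixel budget before any full decode. The names `checkImageHeader`, `samplePNG` and `maxUploadBytes`, and the limit values, are assumptions for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"image"
	"image/color"
	"image/png" // importing this also registers the PNG decoder with package image
	"io"
)

// Hypothetical cap on how many upload bytes the header check may read.
const maxUploadBytes = 5 << 20

var ErrTooManyPixels = errors.New("image dimensions exceed pixel budget")

// checkImageHeader reads only the image header via image.DecodeConfig,
// so no pixel buffer is allocated, and compares the declared
// width*height against the budget before any full decode happens.
func checkImageHeader(r io.Reader, budget int64) (image.Config, error) {
	cfg, _, err := image.DecodeConfig(io.LimitReader(r, maxUploadBytes))
	if err != nil {
		return image.Config{}, fmt.Errorf("unreadable image header: %w", err)
	}
	if cfg.Width <= 0 || cfg.Height <= 0 ||
		int64(cfg.Width)*int64(cfg.Height) > budget {
		return cfg, ErrTooManyPixels
	}
	return cfg, nil
}

// samplePNG builds a constructed test image of the given size in memory.
func samplePNG(w, h int) []byte {
	img := image.NewRGBA(image.Rect(0, 0, w, h))
	img.Set(0, 0, color.RGBA{R: 255, A: 255})
	var buf bytes.Buffer
	if err := png.Encode(&buf, img); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	for _, side := range []int{64, 512} {
		cfg, err := checkImageHeader(bytes.NewReader(samplePNG(side, side)), 100_000) // demo budget
		fmt.Printf("%dx%d: err=%v\n", cfg.Width, cfg.Height, err)
	}
}
```

A production budget would be far larger than the demo value of 100,000 pixels; the check should run before the upload is passed to any resizing or thumbnail code.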
Permalink: https://github.com/advisories/GHSA-rmqp-mvv2-54c6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 9 months ago
Updated: 14 days ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-rmqp-mvv2-54c6, CVE-2024-22393
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-22393
- https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv
- http://www.openwall.com/lists/oss-security/2024/02/22/1
- https://github.com/advisories/GHSA-rmqp-mvv2-54c6
Affected Packages
go:github.com/apache/incubator-answer
Dependent packages: 21
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 1.2.5
Fixed in: 1.2.5
All affected versions: 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1
All unaffected versions: 1.2.5