Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.2.0.
Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.
Users are recommended to upgrade to version [1.2.1], which fixes the issue.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2024/01/10/1 | Mailing List Third Party Advisory |
https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4 | Mailing List Vendor Advisory |
Configurations
History
17 Jan 2024, 13:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:* | |
References | () https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4 - Mailing List, Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2024/01/10/1 - Mailing List, Third Party Advisory | |
First Time |
Apache answer
Apache |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.1 |
10 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-10 09:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-49619
Mitre link : CVE-2023-49619
CVE.ORG link : CVE-2023-49619
JSON object : View
Products Affected
apache
- answer
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')