159 matches found
CVE-2024-23349
Apache Answer (github.com/apache/incubator-answer) is affected by a Cross-site Scripting (XSS) flaw in the summary field present through version 1.2.1. The root cause is improper neutralization of input during web page generation, enabling a logged-in user to inject malicious code when editing th...
CVE-2024-23349 Apache Answer: XSS vulnerability when submitting summary
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the...
CVE-2024-26578 Apache Answer: Repeated submission at registration created duplicate users with the same name
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...
CVE-2024-26578
CVE-2024-26578 describes a race condition in Apache Answer (through 1.2.1) caused by concurrent access to a shared resource during user registration, enabling rapid scripted submissions to create multiple accounts with the same name. The issue is a synchronization flaw that can affect account cre...
CVE-2024-26578 Apache Answer: Repeated submission at registration created duplicate users with the same name
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...
PT-2024-19386 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.2.1 Description: The issue affects Apache Answer, allowing a logged-in user to cause a Pixel Flood Attack by uploading large pixel files, which can cause the server to run out of memory. This can be done by...
Apache Answer 安全漏洞
Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and earlier versions suffer from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to...
Apache Answer 竞争条件问题漏洞
Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and prior versions suffer from a Competing Conditions vulnerability, which arises from improper handling of concurrent access when concurrent code requires mutually exclusive access to shared resources during...
Apache Answer 代码问题漏洞
Apache Answer is a community platform of the Apache USA Foundation. A denial of service vulnerability exists in Apache Answer 1.2.1 and earlier versions, which can be exploited by attackers to conduct pixel flooding attacks by uploading large pixelated files, resulting in a server out of memory...
GHSA-F899-4MR4-FQPV Apache Answer Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
Apache Answer Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
CVE-2023-49619
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
CVE-2023-49619
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
Race condition
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
CVE-2023-49619 Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
CVE-2023-49619 Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarke...
CVE-2023-49619
CVE-2023-49619 concerns Apache Answer. A race condition arises from concurrent submissions that manipulate the bookmark/collection count for a question, allowing repeated submissions (e.g., via a script) to increase the number of collections beyond normal limits. Affected versions are Apache Answ...
PT-2024-13768 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.2.0 Description: The issue is related to a 'Race Condition' vulnerability due to improper synchronization when using shared resources. Normally, a user can only bookmark a question once, increasing the bookmar...
Apache Answer Competition Condition Problem Vulnerability
Apache Answer is a community platform of the Apache USA Foundation. Apache Answer version 1.2.0 and prior versions suffer from a Competing Conditional Questions vulnerability that stems from the fact that repeated submissions via scripting can increase the number of questions collected many times...