GO-2024-3158 Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer

Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer...

GO-2024-2580 Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer

Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer...

GO-2024-2578 Apache Answer Cross-site Scripting vulnerability in github.com/apache/incubator-answer

Apache Answer Cross-site Scripting vulnerability in github.com/apache/incubator-answer...

Unrestricted File Upload

github.com/apache/incubator-answer is vulnerable to Unrestricted File Upload. The vulnerability is due to missing file type checks, which allows an attacker to upload large Pixel files will cause the server to run out of memory, resulting in Denial of Service DoS...

Cross-Site Scripting

github.com/apache/incubator-answer is vulnerable to Cross-site Scripting XSS. The vulnerability is due to inadequate sanitization of user input in the summary field, which allows a logged-in attacker to inject malicious code when modifying their own submitted question...