
7 matches found

CVE
added 2024/02/22 9:51 a.m., 3848 views

CVE-2024-22393

The CVE-2024-22393 issue affects Apache Answer up to version 1.2.1 and enables a pixel-flood DoS by uploading large image files. A logged-in user can trigger memory exhaustion, leading to a server DoS. Remediation is to upgrade to version 1.2.5 (or later). Multiple sources (NVD, Red Hat, CNVD, Ve...

CVSS 9.1, AI score 9.2, EPSS 0.26731

CVE
added 2024/08/09 2:53 p.m., 65 views

CVE-2024-41890

CVE-2024-41890 affects Apache Answer up to version 1.3.5. The root issue is Missing Release of Resource after Effective Lifetime: password reset links issued in succession can remain valid during the link’s validity period, enabling potential misuse or hijacking of a previously issued link. A fix...

CVSS 5.3, AI score 6.7, EPSS 0.00823

CVE
added 2024/04/21 4:4 p.m., 64 views

CVE-2024-29217

CVE-2024-29217 concerns the Apache Answer project, with an XSS vulnerability caused by improper neutralization of input during web page generation. The issue affects Apache Answer prior to version 1.3.0 and can be triggered when a logged-in user edits their personal website, allowing injection of...

CVSS 4.6, AI score 4.7, EPSS 0.0038

CVE
added 2024/11/22 2:36 p.m., 59 views

CVE-2024-45719

CVE-2024-45719 concerns Apache Answer with an Inadequate Encryption Strength vulnerability affecting versions up to 1.4.0. The issue is that IDs generated using UUID v1 can be predictable, reducing token security. The recommended fix is to upgrade to version 1.4.1, which closes the flaw. Connected s...

CVSS 2.6, AI score 3.7, EPSS 0.0009

CVE
added 2024/08/09 2:55 p.m., 56 views

CVE-2024-41888

The CVE-2024-41888 issue affects Apache Answer through version 1.3.5, where the password-reset link remains valid after use (not single-use), allowing potential misuse or hijacking. The impact is limited to authentication flow abuse as described; affected components are the password reset mechani...

CVSS 5.3, AI score 6.7, EPSS 0.01804

CVE
added 2024/01/10 8:25 a.m., 51 views

CVE-2023-49619

CVE-2023-49619 concerns Apache Answer. A race condition arises from concurrent submissions that manipulate the bookmark/collection count for a question, allowing repeated submissions (e.g., via a script) to increase the number of collections beyond normal limits. Affected versions are Apache Answ...

CVSS 3.1, AI score 4.1, EPSS 0.01305

CVE
added 2026/02/04 10:41 a.m., 15 views

CVE-2026-24735

CVE-2026-24735 affects Apache Answer up to version 1.7.1. An unauthenticated API endpoint exposes the full revision history for deleted content, enabling unauthorized retrieval of restricted or sensitive information. Remediation: upgrade to version 2.0.0 (or later) where the issue is fixed. The a...

CVSS 7.5, AI score 5.3, EPSS 0.00024