Lucene search
K
ApacheAnswer

6 matches found

CVE
CVE
added 2025/04/01 7:56 a.m.82 views

CVE-2025-29868

CVE-2025-29868 affects Apache Answer up to version 1.4.2. A public method returns a private data structure, enabling potential disclosure of a user’s IP address when external images are accessed. The issue is mitigated in version 1.4.5, which adds a configurable setting to control whether externa...

6.5CVSS6.7AI score0.00872EPSS
CVE
CVE
added 2026/06/09 7:34 a.m.45 views

CVE-2026-33582

The CVE-2026-33582 issue affects Apache Answer up to version 2.0.0, where a crafted TIFF image can trigger excessive memory allocation during decoding, allowing an authenticated user to crash the server process. Upgrade to version 2.0.1 to fix the issue. The reported CVSS vector indicates MEDIUM ...

6.5CVSS5.4AI score0.00479EPSS
CVE
CVE
added 2026/06/09 7:33 a.m.38 views

CVE-2026-25699

CVE-2026-25699 applies to Apache Answer up to version 2.0.0, where timeline-related APIs lacked proper authorization checks. This could allow regular authenticated users to access deleted, private, or unapproved content and its revision history. The issue is addressed by upgrading to version 2.0....

6.1CVSS5.4AI score0.00406EPSS
CVE
CVE
added 2026/06/09 7:34 a.m.35 views

CVE-2026-34031

CVE-2026-34031 concerns Apache Answer up to version 2.0.0, where the server fails to validate user-supplied image URLs used for profile avatars. This allows embedding arbitrary external content as avatars, potentially enabling unintended external requests and tracking by third-party servers. A fi...

6.5CVSS5.5AI score0.00403EPSS
CVE
CVE
added 2026/06/09 7:35 a.m.33 views

CVE-2026-34905

CVE-2026-34905 affects Apache Answer up to version 2.0.0. The issue arises from the unlisted question feature not enforcing access restrictions on direct API endpoints, permitting authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Upgrade...

6.5CVSS5.4AI score0.00325EPSS
CVE
CVE
added 2026/06/09 7:32 a.m.30 views

CVE-2026-25688

CVE-2026-25688 describes an XSS vulnerability in Apache Answer. The issue is an improper neutralization of alternate XSS syntax in AI-generated responses rendered in the browser, affecting Apache Answer up to version 2.0.0. Affected behavior allows execution of malicious scripts when content is v...

6.1CVSS5.3AI score0.00406EPSS