6 matches found
CVE-2025-29868
CVE-2025-29868 affects Apache Answer up to version 1.4.2. A public method returns a private data structure, enabling potential disclosure of a user’s IP address when external images are accessed. The issue is mitigated in version 1.4.5, which adds a configurable setting to control whether externa...
CVE-2026-33582
The CVE-2026-33582 issue affects Apache Answer up to version 2.0.0, where a crafted TIFF image can trigger excessive memory allocation during decoding, allowing an authenticated user to crash the server process. Upgrade to version 2.0.1 to fix the issue. The reported CVSS vector indicates MEDIUM ...
CVE-2026-25699
CVE-2026-25699 applies to Apache Answer up to version 2.0.0, where timeline-related APIs lacked proper authorization checks. This could allow regular authenticated users to access deleted, private, or unapproved content and its revision history. The issue is addressed by upgrading to version 2.0....
CVE-2026-34031
CVE-2026-34031 concerns Apache Answer up to version 2.0.0, where the server fails to validate user-supplied image URLs used for profile avatars. This allows embedding arbitrary external content as avatars, potentially enabling unintended external requests and tracking by third-party servers. A fi...
CVE-2026-34905
CVE-2026-34905 affects Apache Answer up to version 2.0.0. The issue arises from the unlisted question feature not enforcing access restrictions on direct API endpoints, permitting authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Upgrade...
CVE-2026-25688
CVE-2026-25688 describes an XSS vulnerability in Apache Answer. The issue is an improper neutralization of alternate XSS syntax in AI-generated responses rendered in the browser, affecting Apache Answer up to version 2.0.0. Affected behavior allows execution of malicious scripts when content is v...