Lucene search
ApacheVULNRICHMENT:CVE-2024-40761HistorySep 25, 2024 - 7:31 a.m.
CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses
2024-09-2507:31:08
CWE-326
apache
github.com
cve-2024-40761
apache answer
inadequate encryption strength
Inadequate Encryption Strength vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
Using the MD5 value of a user’s email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead.
Users are recommended to upgrade to version 1.4.0, which fixes the issue.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "answer",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "1.3.5"
}
],
"defaultStatus": "unaffected"
}
]Related
osv
osv
Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer
2024-09-26 18:24:03
Apache Answer: Avatar URL leaked user email addresses
2024-09-25 09:30:46
github
github
Apache Answer: Avatar URL leaked user email addresses
2024-09-25 09:30:46
cvelist
cvelist
CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses
2024-09-25 07:31:08
nvd
nvd
CVE-2024-40761
2024-09-25 08:15:04
cve
cve
CVE-2024-40761
2024-09-25 08:15:04
EPSS
0
Percentile
9.6%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-40761