← Back to CVEs

CVE-2023-49619

LOW

3.1

Description

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times. Users are recommended to upgrade to version [1.2.1], which fixes the issue.

CVE Details

CVSS v3.1 Score3.1

SeverityLOW

CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack VectorNETWORK

ComplexityHIGH

Privileges RequiredLOW

User InteractionNONE

Published1/10/2024

Last Modified6/11/2025

Sourcenvd

Honeypot Sightings0

Affected Products

apache:answer

Weaknesses (CWE)

CWE-362

References

http://www.openwall.com/lists/oss-security/2024/01/10/1(security@apache.org)

https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4(security@apache.org)

http://www.openwall.com/lists/oss-security/2024/01/10/1(af854a3a-2127-422b-91ae-364da2661108)

https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.