Vulnerability Description
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times. Users are recommended to upgrade to version [1.2.1], which fixes the issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Answer | < 1.2.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/01/10/1Mailing ListThird Party Advisory
- https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4Mailing ListVendor Advisory
- http://www.openwall.com/lists/oss-security/2024/01/10/1Mailing ListThird Party Advisory
- https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4Mailing ListVendor Advisory
FAQ
What is CVE-2023-49619?
CVE-2023-49619 is a vulnerability with a CVSS score of 3.1 (LOW). Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstance...
How severe is CVE-2023-49619?
CVE-2023-49619 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49619?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Answer.