Headline
GHSA-f899-4mr4-fqpv: Apache Answer Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.2.0.
Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.
Users are recommended to upgrade to version [1.2.1], which fixes the issue.
Package
gomod github.com/apache/incubator-answer (Go)
Affected versions
< 1.2.1
Patched versions
1.2.1
Description
Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.2.0.
Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.
Users are recommended to upgrade to version [1.2.1], which fixes the issue.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-49619
- https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4
- http://www.openwall.com/lists/oss-security/2024/01/10/1
Published by the National Vulnerability Database
Jan 10, 2024
Published to the GitHub Advisory Database
Jan 10, 2024
Last updated
Jan 10, 2024
Reviewed
Jan 10, 2024