CVE-2024-22393 – github.com/apache/incubator-answer

Package

Manager: go
Name: github.com/apache/incubator-answer
Vulnerable Version: >=0 <1.2.5

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.21726 pctl0.95529

Details

Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version 1.2.5, which fixes the issue.

Metadata

Created: 2024-02-22T12:30:56Z
Modified: 2025-02-13T19:12:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-rmqp-mvv2-54c6/GHSA-rmqp-mvv2-54c6.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-rmqp-mvv2-54c6
Finding: F027
Auto approve: 1