CVE-2024-26578 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-26578

CVE-2024-26578

February 22, 2024

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

Affected Packages

github.com/apache/incubator-answer (GO):

Affected version(s) >=v0.0.0-20231101070104-bf556fb73dc8 <v1.2.5

Fix Suggestion:

Update to version v1.2.5

Related Resources (5)

https://github.com/advisories/GHSA-9q24-hwmc-797x

http://www.openwall.com/lists/oss-security/2024/02/22/3

https://github.com/apache/incubator-answer

https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb

https://nvd.nist.gov/vuln/detail/CVE-2024-26578

Do you need more information?

CVSS v4

Base Score:

8.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

EPSS

Base Score:

0.38

Products

Solutions

Resources

Company

Compare

Developer Tools