Home > Vulnerability Database > CVE-2024-45719

Mend.io Vulnerability Database

CVE-2024-45719

Good to know:

Date: November 22, 2024

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

Language: Go

Severity Score

2.6

Related Resources (6)

Url: https://github.com/advisories/GHSA-mr95-vfcf-fx9p

Url: http://www.openwall.com/lists/oss-security/2024/11/22/1

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45719

Url: https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491

Url: https://github.com/apache/incubator-answer

Url: https://www.mend.io/vulnerability-database/CVE-2024-45719

Severity Score

2.6

Weakness Type (CWE)

Inadequate Encryption Strength

CWE-326

Top Fix

Upgrade Version

Upgrade to version github.com/apache/incubator-answer - v1.4.1

Learn More

CVSS v3.1

Base Score:	2.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45719

Good to know:

Date: November 22, 2024

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?