CVE-2024-40761

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-40761

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40761.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-40761

Aliases

Published

2024-09-25T08:15:04.437Z

Modified

2025-11-20T12:28:07.133183Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.3.5.

Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.

References

Affected packages

Git / github.com/apache/incubator-answer

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-answer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7e8ec522603bd21a8b12d967a4859af29c79b7c8

Affected versions

v0.*

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.0-beta.1

v1.1.0-beta.2

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.0-RC1

v1.2.1

v1.2.1-RC1

v1.2.5

v1.2.5-RC1

v1.2.5-RC2

v1.3.0

v1.3.0-RC1

v1.3.1

v1.3.1-RC1

v1.3.1-RC2

v1.3.5

v1.3.5-RC1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40761.json"