Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.
{
"cwe_ids": [
"CWE-772"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41890.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"last_affected": "1.3.5"
}
],
"source": "AFFECTED_FIELD"
},
{
"extracted_events": [
{
"fixed": "1.3.5"
}
],
"source": "DESCRIPTION"
}
],
"cna_assigner": "apache"
}