CVE-2026-24735

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-24735

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24735.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-24735

Aliases

Published

2026-02-04T11:16:03.130Z

Modified

2026-03-14T12:47:20.896519Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.7.1.

An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or sensitive information. Users are recommended to upgrade to version 2.0.0, which fixes the issue.

References

Affected packages

Git / github.com/apache/incubator-answer

Affected ranges

Type

GIT

Repo

https://github.com/apache/incubator-answer

Events

Introduced

Fixed

a6bfd402b68091b4e84f98255c48caa9dbefe17d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.0"
        }
    ]
}

Affected versions

v0.*

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.0-beta.1

v1.1.0-beta.2

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.0-RC1

v1.2.1

v1.2.1-RC1

v1.2.5

v1.2.5-RC1

v1.2.5-RC2

v1.3.0

v1.3.0-RC1

v1.3.1

v1.3.1-RC1

v1.3.1-RC2

v1.3.5

v1.3.5-RC1

v1.3.6

v1.3.6-RC1

v1.4.0

v1.4.0-RC1

v1.4.1

v1.4.1-RC1

v1.4.1-RC2

v1.4.2

v1.4.2-RC1

v1.4.2-RC2

v1.4.5

v1.4.5-RC1

v1.5.0

v1.5.0-RC1

v1.5.1

v1.5.1-RC1

v1.6.0

v1.6.0-RC1

v1.7.0

v1.7.0-RC1

v1.7.1

v1.7.1-RC1

v1.7.1-RC2

v2.*

v2.0.0-RC1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24735.json"