Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.
{ "nvd_published_at": "2024-08-12T13:38:31Z", "cwe_ids": [ "CWE-772" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-08-12T18:33:30Z" }