GHSA-r275-j57c-7mf2

Suggest an improvement
Source
https://github.com/advisories/GHSA-r275-j57c-7mf2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-r275-j57c-7mf2/GHSA-r275-j57c-7mf2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-r275-j57c-7mf2
Aliases
  • CVE-2023-47634
Published
2024-02-20T18:02:52Z
Modified
2024-06-25T02:33:22.345509Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Race condition in Endorsements
Details

Impact

A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement.

To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel.

Workarounds

Disable the Endorsement feature in the components.

References

Affected packages

RubyGems / decidim

Package

Name
decidim
Purl
pkg:gem/decidim

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.10.0
Fixed
0.26.9

Affected versions

0.*

0.10.0
0.10.1
0.11.0.pre1
0.11.1
0.11.2
0.12.0.pre
0.12.0
0.12.1
0.12.2
0.13.0.pre1
0.13.0
0.13.1
0.14.1
0.14.2
0.14.3
0.14.4
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.17.0
0.17.1
0.17.2
0.18.0
0.18.1
0.19.0
0.19.1
0.20.0
0.20.1
0.21.0
0.22.0
0.23.0
0.23.1.rc1
0.23.1
0.23.2
0.23.3
0.23.4
0.23.5
0.23.6
0.24.0.rc1
0.24.0.rc2
0.24.0
0.24.1
0.24.2
0.24.3
0.25.0.rc1
0.25.0.rc2
0.25.0.rc3
0.25.0.rc4
0.25.0
0.25.1
0.25.2
0.26.0.rc2
0.26.0
0.26.1
0.26.2
0.26.3
0.26.4
0.26.5
0.26.7
0.26.8

RubyGems / decidim

Package

Name
decidim
Purl
pkg:gem/decidim

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.27.0
Fixed
0.27.5

Affected versions

0.*

0.27.0
0.27.1
0.27.2
0.27.3
0.27.4