GHSA-rmqp-mvv2-54c6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rmqp-mvv2-54c6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-rmqp-mvv2-54c6/GHSA-rmqp-mvv2-54c6.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rmqp-mvv2-54c6
- Aliases
- Published
- 2024-02-22T12:30:56Z
- Modified
- 2025-02-13T19:12:50Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
- Details
-
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.
Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content.
Users are recommended to upgrade to version 1.2.5, which fixes the issue.
- Database specific
{ "nvd_published_at": "2024-02-22T10:15:08Z", "cwe_ids": [ "CWE-434" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-02-22T19:31:41Z" }- References
Affected packages
Go / github.com/apache/incubator-answer
Package
- Name
- github.com/apache/incubator-answer
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/apache/incubator-answer