{"url":"http://public2.vulnerablecode.io/api/packages/107622?format=json","purl":"pkg:golang/github.com/apache/incubator-answer@1.2.5","type":"golang","namespace":"github.com/apache","name":"incubator-answer","version":"1.2.5","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.3.0","latest_non_vulnerable_version":"1.4.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84774?format=json","vulnerability_id":"VCID-77xb-7q6c-abgz","summary":"Apache Answer Cross-site Scripting vulnerability\nImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.\n\nXSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.\n\nUsers are recommended to upgrade to version 1.2.5, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23349","reference_id":"","reference_type":"","scores":[{"value":"0.04798","scoring_system":"epss","scoring_elements":"0.89689","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04798","scoring_system":"epss","scoring_elements":"0.89706","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04798","scoring_system":"epss","scoring_elements":"0.89691","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23349"},{"reference_url":"https://github.com/apache/incubator-answer","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/incubator-answer"},{"reference_url":"https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:35:43Z/"}],"url":"https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23349","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23349"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/22/2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:35:43Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/22/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/107622?format=json","purl":"pkg:golang/github.com/apache/incubator-answer@1.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/apache/incubator-answer@1.2.5"}],"aliases":["CVE-2024-23349","GHSA-8pf2-qj4v-fj64"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77xb-7q6c-abgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85136?format=json","vulnerability_id":"VCID-mh9x-ahf8-27dh","summary":"Apache Answer Race Condition vulnerability\nConcurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.\n\nRepeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.\n\nUsers are recommended to upgrade to version 1.2.5, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26578","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52769","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52733","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52758","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52775","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26578"},{"reference_url":"https://github.com/apache/incubator-answer","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/incubator-answer"},{"reference_url":"https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:28Z/"}],"url":"https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26578","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26578"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/22/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T18:08:28Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/22/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/107622?format=json","purl":"pkg:golang/github.com/apache/incubator-answer@1.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/apache/incubator-answer@1.2.5"}],"aliases":["CVE-2024-26578","GHSA-9q24-hwmc-797x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mh9x-ahf8-27dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84536?format=json","vulnerability_id":"VCID-zwej-9qeh-aqbk","summary":"Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability\nUnrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.\n\nPixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content.\n\nUsers are recommended to upgrade to version 1.2.5, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22393","reference_id":"","reference_type":"","scores":[{"value":"0.26731","scoring_system":"epss","scoring_elements":"0.96452","published_at":"2026-06-06T12:55:00Z"},{"value":"0.26731","scoring_system":"epss","scoring_elements":"0.9646","published_at":"2026-06-09T12:55:00Z"},{"value":"0.26731","scoring_system":"epss","scoring_elements":"0.96454","published_at":"2026-06-08T12:55:00Z"},{"value":"0.26731","scoring_system":"epss","scoring_elements":"0.96448","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22393"},{"reference_url":"https://github.com/apache/incubator-answer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/incubator-answer"},{"reference_url":"https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T16:20:21Z/"}],"url":"https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22393","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22393"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/22/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T16:20:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/22/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/107622?format=json","purl":"pkg:golang/github.com/apache/incubator-answer@1.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/apache/incubator-answer@1.2.5"}],"aliases":["CVE-2024-22393","GHSA-rmqp-mvv2-54c6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwej-9qeh-aqbk"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/apache/incubator-answer@1.2.5"}