CVE-2024-22393: Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability

February 22, 2024 (updated November 18, 2024)

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.

Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content.

Users are recommended to upgrade to version 1.2.5, which fixes the issue.

References

github.com/advisories/GHSA-rmqp-mvv2-54c6
github.com/apache/incubator-answer
lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv
nvd.nist.gov/vuln/detail/CVE-2024-22393

Detect and mitigate CVE-2024-22393 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →