Home > Vulnerability Database > CVE-2024-41890

Mend.io Vulnerability Database

CVE-2024-41890

Good to know:

Date: August 9, 2024

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.

Language: Go

Severity Score

5.3

Related Resources (6)

Url: https://github.com/advisories/GHSA-gvpv-r32v-9737

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41890

Url: github.com/apache/incubator-answer

Url: https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b

Url: https://lists.apache.org/thread/j7c080xj31x8rvz1pyk2h47rdd9pwbv9

Url: https://www.mend.io/vulnerability-database/CVE-2024-41890

Severity Score

5.3

Weakness Type (CWE)

Missing Release of Resource after Effective Lifetime

CWE-772

Top Fix

Upgrade Version

Upgrade to version v1.3.6

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41890

Good to know:

Date: August 9, 2024

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?