{"id":8525687,"name":"github.com/apache/incubator-answer","ecosystem":"go","description":"","homepage":"https://github.com/apache/incubator-answer","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/apache/incubator-answer","keywords_array":[],"namespace":"github.com/apache","versions_count":59,"first_release_published_at":"2022-11-01T10:09:48.000Z","latest_release_published_at":"2025-12-15T07:48:45.000Z","latest_release_number":"v1.7.1","last_synced_at":"2026-06-29T11:43:50.662Z","created_at":"2023-11-02T01:29:38.392Z","updated_at":"2026-06-29T11:43:50.663Z","registry_url":"https://pkg.go.dev/github.com/apache/incubator-answer","install_command":"go get github.com/apache/incubator-answer","documentation_url":"https://pkg.go.dev/github.com/apache/incubator-answer#section-documentation","metadata":{},"repo_metadata":{"uuid":"542931741","full_name":"apache/incubator-answer","owner":"apache","description":"A Q\u0026A platform software for teams at any scales. Whether it's a community forum, help center, or knowledge management platform, you can always count on Answer.","archived":false,"fork":false,"pushed_at":"2023-10-26T03:11:24.000Z","size":7996,"stargazers_count":8192,"open_issues_count":57,"forks_count":534,"subscribers_count":75,"default_branch":"main","last_synced_at":"2023-10-26T04:15:10.382Z","etag":null,"topics":["community","forum","go","golang","hacktoberfest","q-and-a","question","react","typescript"],"latest_commit_sha":null,"homepage":"https://answer.apache.org","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apache.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null}},"created_at":"2022-09-29T05:16:19.000Z","updated_at":"2023-11-01T05:24:54.603Z","dependencies_parsed_at":"2023-10-24T06:25:46.364Z","dependency_job_id":"a3154fe4-9d16-469b-9064-4001a8098694","html_url":"https://github.com/apache/incubator-answer","commit_stats":{"total_commits":1601,"total_committers":38,"mean_commits":42.13157894736842,"dds":0.7382885696439725,"last_synced_commit":"e53ff7304f6da709c4b6e1572cf7fe100b45c739"},"previous_names":["apache/incubator-answer","answerdev/answer"],"tags_count":23,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fincubator-answer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fincubator-answer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fincubator-answer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fincubator-answer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apache","download_url":"https://codeload.github.com/apache/incubator-answer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":169099746,"owners_count":9352543,"icon_url":"https://github.com/github.png","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"repo_metadata_updated_at":"2023-11-02T01:29:43.900Z","dependent_packages_count":21,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":10.712664363524581,"dependent_packages_count":8.977673636487634,"stargazers_count":0.7166018356243016,"forks_count":1.2233424320698914,"docker_downloads_count":null,"average":5.407570566926602},"purl":"pkg:golang/github.com/apache/incubator-answer","advisories":[{"uuid":"GSA_kwCzR0hTQS1tcjk1LXZmY2YtZng5cM4ABBnu","url":"https://github.com/advisories/GHSA-mr95-vfcf-fx9p","title":"Apache Answer: Predictable Authorization Token Using UUIDv1","description":"Inadequate Encryption Strength vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.4.0.\n\nThe ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.\nUsers are recommended to upgrade to version 1.4.1, which fixes the issue.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-11-22T21:32:14.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":2.0,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-45719","https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491","http://www.openwall.com/lists/oss-security/2024/11/22/1","https://github.com/advisories/GHSA-mr95-vfcf-fx9p"],"source_kind":"github","identifiers":["GHSA-mr95-vfcf-fx9p","CVE-2024-45719"],"repository_url":null,"blast_radius":1.0,"created_at":"2024-11-22T23:06:13.947Z","updated_at":"2026-06-26T02:04:52.718Z","epss_percentage":0.00229,"epss_percentile":0.13537,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tcjk1LXZmY2YtZng5cM4ABBnu","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1tcjk1LXZmY2YtZng5cM4ABBnu","packages":[{"ecosystem":"go","package_name":"github.com/apache/incubator-answer","versions":[{"first_patched_version":"1.4.1","vulnerable_version_range":"\u003c 1.4.1"}],"purl":"pkg:go/github.com%2Fapache%2Fincubator-answer"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tcjk1LXZmY2YtZng5cM4ABBnu/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00OGNyLWoyY3gtbWNyOM4AA_xB","url":"https://github.com/advisories/GHSA-48cr-j2cx-mcr8","title":"Apache Answer: Avatar URL leaked user email addresses","description":"Inadequate Encryption Strength vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.3.5.\n\nUsing the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead.\nUsers are recommended to upgrade to version 1.4.0, which fixes the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-09-25T09:30:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-40761","https://lists.apache.org/thread/mmrhsfy16qwrw0pkv0p9kj40vy3sg08x","https://github.com/apache/incubator-answer/commit/c3a17046c6c3be1cec16ba49d07d9f7742b7260f","http://www.openwall.com/lists/oss-security/2024/09/25/2","http://www.openwall.com/lists/oss-security/2024/09/25/5","http://www.openwall.com/lists/oss-security/2024/09/25/6","http://www.openwall.com/lists/oss-security/2024/09/25/7","http://www.openwall.com/lists/oss-security/2024/09/25/8","http://www.openwall.com/lists/oss-security/2024/09/26/1","http://www.openwall.com/lists/oss-security/2024/09/26/3","http://www.openwall.com/lists/oss-security/2024/09/26/4","http://www.openwall.com/lists/oss-security/2024/09/27/4","http://www.openwall.com/lists/oss-security/2024/09/27/5","http://www.openwall.com/lists/oss-security/2024/09/27/8","https://github.com/advisories/GHSA-48cr-j2cx-mcr8"],"source_kind":"github","identifiers":["GHSA-48cr-j2cx-mcr8","CVE-2024-40761"],"repository_url":"https://github.com/apache/incubator-answer","blast_radius":1.0,"created_at":"2024-09-25T15:06:31.528Z","updated_at":"2026-06-22T18:05:42.367Z","epss_percentage":0.00723,"epss_percentile":0.49159,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00OGNyLWoyY3gtbWNyOM4AA_xB","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00OGNyLWoyY3gtbWNyOM4AA_xB","packages":[{"ecosystem":"go","package_name":"github.com/apache/incubator-answer","versions":[{"first_patched_version":"1.4.0","vulnerable_version_range":"\u003c 1.4.0"}],"purl":"pkg:go/github.com%2Fapache%2Fincubator-answer"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00OGNyLWoyY3gtbWNyOM4AA_xB/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12M3g5LXdycTUtODY4as4AA-hc","url":"https://github.com/advisories/GHSA-v3x9-wrq5-868j","title":"Apache Answer: The link for resetting user password is not Single-Use","description":"Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.3.5.\n\nThe password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked.\nUsers are recommended to upgrade to version 1.3.6, which fixes the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-08-12T15:30:50.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.3,"cvss_vector":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-41888","https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4","https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b","http://www.openwall.com/lists/oss-security/2024/08/09/5","https://github.com/advisories/GHSA-v3x9-wrq5-868j"],"source_kind":"github","identifiers":["GHSA-v3x9-wrq5-868j","CVE-2024-41888"],"repository_url":"https://github.com/apache/incubator-answer","blast_radius":1.0,"created_at":"2024-08-12T19:05:38.726Z","updated_at":"2026-06-22T18:06:05.786Z","epss_percentage":0.01222,"epss_percentile":0.64792,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12M3g5LXdycTUtODY4as4AA-hc","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12M3g5LXdycTUtODY4as4AA-hc","packages":[{"ecosystem":"go","package_name":"github.com/apache/incubator-answer","versions":[{"first_patched_version":"1.3.6","vulnerable_version_range":"\u003c 1.3.6"}],"purl":"pkg:go/github.com%2Fapache%2Fincubator-answer"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12M3g5LXdycTUtODY4as4AA-hc/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ndnB2LXIzMnYtOTczN84AA-hg","url":"https://github.com/advisories/GHSA-gvpv-r32v-9737","title":"Apache Answer: The link to reset the user's password will remain valid after sending a new link","description":"Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.3.5.\n\nUser sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked.\nUsers are recommended to upgrade to version 1.3.6, which fixes the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-08-12T15:30:50.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.3,"cvss_vector":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-41890","https://lists.apache.org/thread/j7c080xj31x8rvz1pyk2h47rdd9pwbv9","https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b","http://www.openwall.com/lists/oss-security/2024/08/09/4","https://github.com/advisories/GHSA-gvpv-r32v-9737"],"source_kind":"github","identifiers":["GHSA-gvpv-r32v-9737","CVE-2024-41890"],"repository_url":"https://github.com/apache/incubator-answer","blast_radius":1.0,"created_at":"2024-08-12T19:05:38.746Z","updated_at":"2026-06-22T18:06:05.786Z","epss_percentage":0.01149,"epss_percentile":0.62711,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ndnB2LXIzMnYtOTczN84AA-hg","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ndnB2LXIzMnYtOTczN84AA-hg","packages":[{"ecosystem":"go","package_name":"github.com/apache/incubator-answer","versions":[{"first_patched_version":"1.3.6","vulnerable_version_range":"\u003c 1.3.6"}],"purl":"pkg:go/github.com%2Fapache%2Fincubator-answer"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ndnB2LXIzMnYtOTczN84AA-hg/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jdnFyLW13aDYtMnZjNs4AA7OC","url":"https://github.com/advisories/GHSA-cvqr-mwh6-2vc6","title":"Apache Answer: XSS vulnerability when changing personal website","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'/`XSS`) vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0.\n\nXSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack.\nUsers are recommended to upgrade to version [1.3.0], which fixes the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-04-21T18:30:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-29217","https://lists.apache.org/thread/nc0g1borr0d3wx25jm39pn7nyf268n0x","http://www.openwall.com/lists/oss-security/2024/04/19/1","https://github.com/advisories/GHSA-cvqr-mwh6-2vc6"],"source_kind":"github","identifiers":["GHSA-cvqr-mwh6-2vc6","CVE-2024-29217"],"repository_url":null,"blast_radius":1.0,"created_at":"2024-04-22T16:05:00.386Z","updated_at":"2026-06-22T18:07:07.157Z","epss_percentage":0.00966,"epss_percentile":0.57098,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jdnFyLW13aDYtMnZjNs4AA7OC","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jdnFyLW13aDYtMnZjNs4AA7OC","packages":[{"ecosystem":"go","package_name":"github.com/apache/incubator-answer","versions":[{"first_patched_version":"1.3.0","vulnerable_version_range":"\u003c 1.3.0"}],"purl":"pkg:go/github.com%2Fapache%2Fincubator-answer"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jdnFyLW13aDYtMnZjNs4AA7OC/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx","url":"https://github.com/advisories/GHSA-9q24-hwmc-797x","title":"Apache Answer Race Condition vulnerability","description":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.\n\nRepeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.\n\nUsers are recommended to upgrade to version 1.2.5, which fixes the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-02-22T12:30:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-26578","https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb","http://www.openwall.com/lists/oss-security/2024/02/22/3","https://github.com/advisories/GHSA-9q24-hwmc-797x"],"source_kind":"github","identifiers":["GHSA-9q24-hwmc-797x","CVE-2024-26578"],"repository_url":null,"blast_radius":1.0,"created_at":"2024-02-22T22:04:39.955Z","updated_at":"2026-06-23T16:07:41.022Z","epss_percentage":0.00895,"epss_percentile":0.54798,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx","packages":[{"ecosystem":"go","package_name":"github.com/apache/incubator-answer","versions":[{"first_patched_version":"1.2.5","vulnerable_version_range":"\u003c 1.2.5"}],"purl":"pkg:go/github.com%2Fapache%2Fincubator-answer"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct","url":"https://github.com/advisories/GHSA-rmqp-mvv2-54c6","title":"Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability","description":"Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.\n\nPixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content.\n\nUsers are recommended to upgrade to version 1.2.5, which fixes the issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-02-22T12:30:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.1,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-22393","https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv","http://www.openwall.com/lists/oss-security/2024/02/22/1","https://github.com/advisories/GHSA-rmqp-mvv2-54c6"],"source_kind":"github","identifiers":["GHSA-rmqp-mvv2-54c6","CVE-2024-22393"],"repository_url":null,"blast_radius":1.0,"created_at":"2024-02-22T20:04:40.464Z","updated_at":"2026-06-26T12:06:35.217Z","epss_percentage":0.0248,"epss_percentile":0.82508,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct","packages":[{"ecosystem":"go","package_name":"github.com/apache/incubator-answer","versions":[{"first_patched_version":"1.2.5","vulnerable_version_range":"\u003c 1.2.5"}],"purl":"pkg:go/github.com%2Fapache%2Fincubator-answer"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1","url":"https://github.com/advisories/GHSA-8pf2-qj4v-fj64","title":"Apache Answer Cross-site Scripting vulnerability","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.\n\nXSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.\n\nUsers are recommended to upgrade to version 1.2.5, which fixes the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-02-22T12:30:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-23349","https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg","http://www.openwall.com/lists/oss-security/2024/02/22/2","https://github.com/advisories/GHSA-8pf2-qj4v-fj64"],"source_kind":"github","identifiers":["GHSA-8pf2-qj4v-fj64","CVE-2024-23349"],"repository_url":null,"blast_radius":1.0,"created_at":"2024-02-22T20:04:40.487Z","updated_at":"2026-06-23T16:07:41.028Z","epss_percentage":0.01073,"epss_percentile":0.60535,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1","packages":[{"ecosystem":"go","package_name":"github.com/apache/incubator-answer","versions":[{"first_patched_version":"1.2.5","vulnerable_version_range":"\u003c 1.2.5"}],"purl":"pkg:go/github.com%2Fapache%2Fincubator-answer"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf","url":"https://github.com/advisories/GHSA-f899-4mr4-fqpv","title":"Apache Answer Race Condition vulnerability","description":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.2.0.\n\nUnder normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.\n\nUsers are recommended to upgrade to version [1.2.1], which fixes the issue.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-01-10T09:30:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":3.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2023-49619","https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4","http://www.openwall.com/lists/oss-security/2024/01/10/1","https://github.com/advisories/GHSA-f899-4mr4-fqpv"],"source_kind":"github","identifiers":["GHSA-f899-4mr4-fqpv","CVE-2023-49619"],"repository_url":null,"blast_radius":1.0,"created_at":"2024-01-10T16:06:14.310Z","updated_at":"2026-06-24T09:07:58.119Z","epss_percentage":0.00891,"epss_percentile":0.54676,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf","packages":[{"ecosystem":"go","package_name":"github.com/apache/incubator-answer","versions":[{"first_patched_version":"1.2.1","vulnerable_version_range":"\u003c 1.2.1"}],"purl":"pkg:go/github.com%2Fapache%2Fincubator-answer"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/apache/incubator-answer","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/apache/incubator-answer","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/apache/incubator-answer/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fapache%2Fincubator-answer/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fapache%2Fincubator-answer/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fapache%2Fincubator-answer/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fapache%2Fincubator-answer/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fapache%2Fincubator-answer/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fapache%2Fincubator-answer/codemeta","maintainers":[]}