Answerdev Answer vulnerabilities

34 known vulnerabilities affecting answerdev/answerdev_answer.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL6HIGH5MEDIUM21LOW2

Vulnerabilities

Page 1 of 2

CVE-2023-4815HIGHCVSS 8.8≥ unspecified, < v1.1.32023-09-07

CVE-2023-4815 [HIGH] CWE-306 CVE-2023-4815: Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3. Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.

nvd

CVE-2023-4126HIGHCVSS 8.8≥ unspecified, < v1.1.02023-08-03

CVE-2023-4126 [HIGH] CWE-613 CVE-2023-4126: Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0. Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.

nvd

CVE-2023-4125HIGHCVSS 8.8≥ unspecified, < v1.1.02023-08-03

CVE-2023-4125 [HIGH] CWE-521 CVE-2023-4125: Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0. Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.

nvd

CVE-2023-4124MEDIUMCVSS 6.5≥ unspecified, < v1.1.12023-08-03

CVE-2023-4124 [MEDIUM] CWE-862 CVE-2023-4124: Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1. Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1.

nvd

CVE-2023-4127MEDIUMCVSS 5.9≥ unspecified, < v1.1.12023-08-03

CVE-2023-4127 [MEDIUM] CWE-366 CVE-2023-4127: Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1. Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.

nvd

CVE-2023-2590LOWCVSS 3.5≥ unspecified, < 1.0.92023-05-09

CVE-2023-2590 [LOW] CWE-862 CVE-2023-2590: Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9.

nvd

CVE-2023-1976HIGHCVSS 8.8≥ unspecified, < 1.0.62023-04-11

CVE-2023-1976 [HIGH] CWE-263 CVE-2023-1976: Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6. Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6.

nvd

CVE-2023-1975MEDIUMCVSS 6.5≥ unspecified, < 1.0.82023-04-11

CVE-2023-1975 [MEDIUM] CWE-201 CVE-2023-1975: Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0 Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.

nvd

CVE-2023-1974MEDIUMCVSS 6.5≥ unspecified, < 1.0.82023-04-11

CVE-2023-1974 [MEDIUM] CWE-1230 CVE-2023-1974: Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1. Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8.

nvd

CVE-2023-1537CRITICALCVSS 9.8≥ unspecified, < 1.0.62023-03-21

CVE-2023-1537 [CRITICAL] CWE-294 CVE-2023-1537: Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6. Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.

nvd

CVE-2023-1543HIGHCVSS 8.8≥ unspecified, < 1.0.62023-03-21

CVE-2023-1543 [HIGH] CWE-613 CVE-2023-1543: Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6. Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6.

nvd

CVE-2023-1535MEDIUMCVSS 5.4≥ unspecified, < 1.0.72023-03-21

CVE-2023-1535 [MEDIUM] CWE-79 CVE-2023-1535: Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

nvd

CVE-2023-1539MEDIUMCVSS 5.3≥ unspecified, < 1.0.62023-03-21

CVE-2023-1539 [MEDIUM] CWE-307 CVE-2023-1539: Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prio Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6.

nvd

CVE-2023-1538MEDIUMCVSS 5.3≥ unspecified, < 1.0.62023-03-21

CVE-2023-1538 [MEDIUM] CWE-208 CVE-2023-1538: Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.

nvd

CVE-2023-1542MEDIUMCVSS 5.4≥ unspecified, < 1.0.62023-03-21

CVE-2023-1542 [MEDIUM] CWE-840 CVE-2023-1542: Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.

nvd

CVE-2023-1540MEDIUMCVSS 5.3≥ unspecified, < 1.0.62023-03-21

CVE-2023-1540 [MEDIUM] CWE-204 CVE-2023-1540: Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.

nvd

CVE-2023-1536MEDIUMCVSS 5.4≥ unspecified, < 1.0.72023-03-21

CVE-2023-1536 [MEDIUM] CWE-79 CVE-2023-1536: Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

nvd

CVE-2023-1541LOWCVSS 3.8≥ unspecified, < 1.0.62023-03-21

CVE-2023-1541 [LOW] CWE-840 CVE-2023-1541: Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.

nvd

CVE-2023-1237MEDIUMCVSS 5.4≥ unspecified, < 1.0.62023-03-07

CVE-2023-1237 [MEDIUM] CWE-79 CVE-2023-1237: Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

nvd

CVE-2023-1239MEDIUMCVSS 4.8≥ unspecified, < 1.0.62023-03-07

CVE-2023-1239 [MEDIUM] CWE-79 CVE-2023-1239: Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.

nvd

1 / 2Next →