github.com/answerdev/answer vulnerabilities
34 known vulnerabilities affecting github.com/answerdev_answer.
Total CVEs: 34
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 5, MEDIUM 21, LOW 2
Vulnerabilities
Page 1 of 2
CVE-2023-4815 | HIGH | ≥ 0, < 1.1.3 | 2023-09-07
CVE-2023-4815 [HIGH] CWE-306 Answer Missing Authentication for Critical Function
Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.
ghsa, osv
CVE-2023-4124 | HIGH | ≥ 0, < 1.1.1 | 2023-08-03
CVE-2023-4124 [HIGH] CWE-862 Answer Missing Authorization vulnerability
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1.
ghsa, osv
CVE-2023-4125 | HIGH | ≥ 0, < 1.1.0 | 2023-08-03
CVE-2023-4125 [HIGH] CWE-521 Answer has Weak Password Requirements
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.
ghsa, osv
CVE-2023-4126 | MEDIUM | ≥ 0, < 1.1.0 | 2023-08-03
CVE-2023-4126 [MEDIUM] CWE-613 Answer Insufficient Session Expiration vulnerability
Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.
ghsa, osv
CVE-2023-4127 | MEDIUM | ≥ 0, < 1.1.1 | 2023-08-03
CVE-2023-4127 [MEDIUM] CWE-366 Answer has Race Condition within a Thread
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.
ghsa, osv
CVE-2023-2590 | LOW | ≥ 0, < 1.0.9 | 2023-05-09
CVE-2023-2590 [LOW] CWE-862 Answer Missing Authorization vulnerability
A missing authorization in GitHub repository answerdev/answer prior to 1.0.9 can lead to a user rating their own answer as the best answer.
ghsa, osv
CVE-2023-1976 | HIGH | ≥ 0, < 1.0.6 | 2023-04-11
CVE-2023-1976 [HIGH] CWE-263 Answer vulnerable to account takeover because password reset links do not expire
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.6 is vulnerable to account takeover because the password reset link does not expire.
ghsa, osv
CVE-2023-1975 | MEDIUM | ≥ 0, < 1.0.8 | 2023-04-11
CVE-2023-1975 [MEDIUM] CWE-201 Answer vulnerable to Insertion of Sensitive Information Into Sent Data
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc.
ghsa, osv
CVE-2023-1974 | MEDIUM | ≥ 0, < 1.0.8 | 2023-04-11
CVE-2023-1974 [MEDIUM] CWE-1230 Answer vulnerable to Exposure of Sensitive Information Through Metadata
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 may expose sensitive information, such as EXIF data and GPS coordinates, via image metadata.
ghsa, osv
CVE-2023-1537 | CRITICAL | ≥ 0, < 1.0.6 | 2023-03-21
CVE-2023-1537 [CRITICAL] CWE-294 Answer vulnerable to Authentication Bypass by Capture-replay
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.
ghsa, osv
CVE-2023-1543 | HIGH | ≥ 0, < 1.0.6 | 2023-03-21
CVE-2023-1543 [HIGH] CWE-613 Answer vulnerable to Insufficient Session Expiration
Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6.
ghsa, osv
CVE-2023-1535 | MEDIUM | ≥ 0, < 1.0.7 | 2023-03-21
CVE-2023-1535 [MEDIUM] CWE-79 Answer vulnerable to Stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
ghsa, osv
CVE-2023-1542 | MEDIUM | ≥ 0, < 1.0.6 | 2023-03-21
CVE-2023-1542 [MEDIUM] Answer vulnerable to Business Logic Errors
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
ghsa, osv
CVE-2023-1538 | MEDIUM | ≥ 0, < 1.0.6 | 2023-03-21
CVE-2023-1538 [MEDIUM] CWE-203 Answer has Observable Timing Discrepancy
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
ghsa, osv
CVE-2023-1536 | MEDIUM | ≥ 0, < 1.0.7 | 2023-03-21
CVE-2023-1536 [MEDIUM] CWE-79 Answer vulnerable to Stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
ghsa, osv
CVE-2023-1540 | MEDIUM | ≥ 0, < 1.0.6 | 2023-03-21
CVE-2023-1540 [MEDIUM] CWE-203 Answer has Observable Response Discrepancy
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
ghsa, osv
CVE-2023-1539 | MEDIUM | ≥ 0, < 1.0.6 | 2023-03-21
CVE-2023-1539 [MEDIUM] CWE-307 Answer has Guessable CAPTCHA
Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6.
ghsa, osv
CVE-2023-1541 | LOW | ≥ 0, < 1.0.6 | 2023-03-21
CVE-2023-1541 [LOW] Answer vulnerable to Business Logic Errors
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
ghsa, osv
CVE-2023-1237 | MEDIUM | ≥ 0, < 1.0.6 | 2023-03-07
CVE-2023-1237 [MEDIUM] CWE-79 Answer vulnerable to Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
ghsa, osv
CVE-2023-1241 | MEDIUM | ≥ 0, < 1.0.6 | 2023-03-07
CVE-2023-1241 [MEDIUM] CWE-79 Answer vulnerable to Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
ghsa, osv