Lucene search
ApacheCVELIST:CVE-2024-40761HistorySep 25, 2024 - 7:31 a.m.
CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses
2024-09-2507:31:08
CWE-326
apache
www.cve.org
2
apache answer
avatar url
gravatar
sha256
inadequate encryption strength
vulnerability
upgrade
version 1.4.0
cve-2024-40761
EPSS
0
Percentile
9.6%
Inadequate Encryption Strength vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
Using the MD5 value of a user’s email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead.
Users are recommended to upgrade to version 1.4.0, which fixes the issue.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Answer",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
osv
osv
Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer
2024-09-26 18:24:03
Apache Answer: Avatar URL leaked user email addresses
2024-09-25 09:30:46
vulnrichment
vulnrichment
CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses
2024-09-25 07:31:08
github
github
Apache Answer: Avatar URL leaked user email addresses
2024-09-25 09:30:46
nvd
nvd
CVE-2024-40761
2024-09-25 08:15:04
cve
cve
CVE-2024-40761
2024-09-25 08:15:04