CVE-2024-40761

Description

Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer

How to fix CVE-2024-40761

To remediate CVE-2024-40761, upgrade the affected package to a fixed version below.

• Go/github.com/apache/incubator-answer—upgrade to 1.4.0 or later
• —upgrade to 1.4.0 or later

Is CVE-2024-40761 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.4.0
• from 0, < 1.4.0

CVSS scores

References (16)

• ADVISORYgithub.com/advisories/GHSA-48cr-j2cx-mcr8
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-40761
• PATCHgithub.com/apache/incubator-answer
• WEBgithub.com/apache/incubator-answer/commit/c3a17046c6c3be1cec16ba49d07d9f7742b7260f