| |
Vulnerability CVE-2024-41890
Published: 2024-08-12
| Description: |
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked.
Users are recommended to upgrade to version 1.3.6, which fixes the issue. |
Type:
CWE-772
References: |
https://lists.apache.org/thread/j7c080xj31x8rvz1pyk2h47rdd9pwbv9
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
