CVE-2024-41890
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Aug 12, 2024
Updated: Aug 29, 2024
CWE ID 772
Summary
CVE-2024-41890 is a resource management vulnerability affecting Apache Answer up to version 1.3.5. The issue arises when a user triggers multiple password reset emails, each containing a valid link. If these links are not properly managed, they may be misused or hijacked within their validity period. To mitigate this risk, it is strongly recommended that users upgrade to version 1.3.6, which addresses the issue.
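The weakness class described above (CWE 772) is that every reset request leaves another valid link outstanding. The Go example below is added here for illustration and is not Apache Answer's code or its 1.3.6 fix; `ResetStore`, `Issue` and `Redeem` are hypothetical names, and it assumes a policy of one live reset token per account.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"time"
)

// ResetStore (hypothetical) keeps at most one live reset token per user, stored
// as a SHA-256 hash. Not goroutine-safe: guard it with a mutex in a server.
type ResetStore struct {
	ttl  time.Duration
	live map[string]entry
}
type entry struct {
	hash    [32]byte
	expires time.Time
}

// Issue creates a token and releases any earlier one for the same user.
func (s *ResetStore) Issue(user string, now time.Time) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := hex.EncodeToString(raw)
	s.live[user] = entry{hash: sha256.Sum256([]byte(token)), expires: now.Add(s.ttl)}
	return token, nil
}

// Redeem accepts only the newest unexpired token and consumes it on match.
func (s *ResetStore) Redeem(user, token string, now time.Time) bool {
	e, ok := s.live[user]
	got := sha256.Sum256([]byte(token))
	if !ok || subtle.ConstantTimeCompare(e.hash[:], got[:]) != 1 {
		return false // unknown or superseded token; the live one is untouched
	}
	delete(s.live, user) // single use; also drops an expired entry
	return now.Before(e.expires)
}

func main() { // constructed sample: two reset requests for one account
	s := &ResetStore{ttl: 15 * time.Minute, live: map[string]entry{}}
	first, _ := s.Issue("alice", time.Now())
	second, _ := s.Issue("alice", time.Now())
	fmt.Println(s.Redeem("alice", first, time.Now()), s.Redeem("alice", second, time.Now()))
}
```

Only the link from the most recent email redeems, and only once; the earlier link is released the moment the second request is made.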
Affected Vendors
- Apache Software Foundation