CVE-2023-4127 : Race Condition within a Thread in GitHub repository answerdev/answer prior to v1

Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.

Published 2023-08-03 04:15:12

Updated 2023-08-08 17:01:00

Source huntr.dev

View at NVD, CVE.org

Products affected by CVE-2023-4127

Answer » Answer
Versions before (<) 1.1.1
cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	2.8	3.6	huntr.dev
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE-366 Race Condition within a Thread

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

Assigned by: security@huntr.dev (Primary)

https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba

Race Condition Vulnerability can Leads to Up Vote Stealing vulnerability found in answer
Exploit;Patch;Third Party Advisory
https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182

refactor(votes): refactor user vote repo · answerdev/answer@47661dc · GitHub
Patch

Jump to