VYPR
Unrated severityNVD Advisory· Published Mar 16, 2022· Updated Apr 23, 2025

Race condition in Zulip

CVE-2022-24751

Description

Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zulip/Zulipllm-fuzzy2 versions
    >=4.0, <4.11+ 1 more
    • (no CPE)range: >=4.0, <4.11
    • (no CPE)range: >= 4.0, < 4.11

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.