VYPR
Moderate severityNVD Advisory· Published Sep 25, 2024· Updated Sep 27, 2024

Apache Answer: Avatar URL leaked user email addresses

CVE-2024-40761

Description

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.3.5.

Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/apache/incubator-answerGo
< 1.4.01.4.0

Affected products

2

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.