CVE-2024-40761— Apache Answer: Avatar URL leaked user email addresses

EPSS 0.81% · P74 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-40761

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Apache Answer: Avatar URL leaked user email addresses

Source: NVD (National Vulnerability Database)

Vulnerability Description

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

不充分的加密强度

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache Answer 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache Answer是美国阿帕奇（Apache）基金会的一个社区平台。 Apache Answer 1.3.5版本及之前版本存在安全漏洞，该漏洞源于使用用户电子邮件的 MD5 值访问 Gravatar 是不安全的，可能会导致用户电子邮件泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Apache Software Foundation	Apache Answer	0 ~ 1.3.5	-

II. Public POCs for CVE-2024-40761

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-40761

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Apache Answer

Same vendor: Apache Software Foundation

Same weakness: CWE-326

V. Comments for CVE-2024-40761

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-40761— Apache Answer: Avatar URL leaked user email addresses

I. Basic Information for CVE-2024-40761

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-40761

III. Intelligence Information for CVE-2024-40761

IV. Related Vulnerabilities

V. Comments for CVE-2024-40761

Leave a comment