CVE-2023-47634
Race condition in Endorsements
Severity: LOW (CVSS 3.1) | EPSS: 0.29%
Published: 2024/2/20 | Modified: 2025/2/14
Description

Impact

A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement of the same resource. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel.

Workarounds

Disable the Endorsement feature in the affected components.
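The advisory describes the classic check-then-act race: each parallel request checks "has this user already endorsed?" before any of them has written a row, so all of them pass. The following is an added, self-contained Ruby illustration (not Decidim's code, and not the referenced patch); the `EndorsementStore` class, its method names and the in-memory rows array are constructed stand-ins for an endorsements table. It drives the same user against the same resource from many threads, once through the vulnerable pattern and once through an atomic check-and-insert.

```ruby
require "set"

# Constructed in-memory stand-in for an endorsements table keyed by
# (resource_id, user_id). Hypothetical example code, not Decidim's model.
class EndorsementStore
  attr_reader :rows

  def initialize
    @rows = []
    @lock = Mutex.new
  end

  # Vulnerable pattern: a non-atomic "exists? then insert".
  # Parallel requests can all pass the check before any of them inserts,
  # so one user ends up with several endorsements of one resource.
  def endorse_racy(resource_id, user_id)
    return false if exists?(resource_id, user_id)
    sleep(0.05) # widens the window; stands in for DB round-trip latency
    @rows << [resource_id, user_id]
    true
  end

  # Hardened pattern: check and insert happen as one atomic step.
  # Here a process-local lock plays the role that a unique index on
  # (resource_id, user_id) or a row lock plays in a real database.
  def endorse_atomic(resource_id, user_id)
    @lock.synchronize do
      return false if exists?(resource_id, user_id)
      sleep(0.05)
      @rows << [resource_id, user_id]
      true
    end
  end

  # How many endorsements are stored for this (resource, user) pair.
  def count_for(resource_id, user_id)
    @rows.count { |r| r == [resource_id, user_id] }
  end

  private

  def exists?(resource_id, user_id)
    @rows.include?([resource_id, user_id])
  end
end

# Sends `parallelism` concurrent endorsement requests from the same user
# (id 42) for the same resource (id 1) and returns the stored count.
def parallel_endorse(method, parallelism: 20)
  store = EndorsementStore.new
  threads = Array.new(parallelism) do
    Thread.new { store.public_send(method, 1, 42) }
  end
  threads.each(&:join)
  store.count_for(1, 42)
end

if __FILE__ == $0
  puts "racy:   #{parallel_endorse(:endorse_racy)} endorsements stored"
  puts "atomic: #{parallel_endorse(:endorse_atomic)} endorsements stored"
end
```

The racy variant stores more than one endorsement (typically one per thread), the atomic variant exactly one. In a deployed Rails application a `Mutex` is not sufficient, because parallel requests are usually served by separate processes; the equivalent guarantee comes from a database unique index on the (resource, user) pair, with the duplicate-key error handled, or from taking a row lock on the resource before checking and inserting.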
Affected packages (1)
- RubyGems/decidim >= 0.10.0, < 0.26.9 (patched releases linked below: v0.26.9, v0.27.5 and v0.28.0)
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
References (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-47634
- PATCH: https://github.com/decidim/decidim
- WEB: https://github.com/decidim/decidim/commit/5c5ee7a50d75c10643dd8c495e2517641e4d74db
- WEB: https://github.com/decidim/decidim/commit/7b840d2c37a562709f4481db644d8c43add28536
- WEB: https://github.com/decidim/decidim/releases/tag/v0.26.9
- WEB: https://github.com/decidim/decidim/releases/tag/v0.27.5
- WEB: https://github.com/decidim/decidim/releases/tag/v0.28.0
- WEB: https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2
- WEB: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-47634.yml