CVE-2023-47634.yml
---
gem: decidim
cve: 2023-47634
ghsa: r275-j57c-7mf2
url: https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2
title: Race condition in Endorsements
date: 2024-02-20
description: |
  ### Impact
  A race condition in the endorsement of resources (for instance,
  a proposal) allows a user to make more than one endorsement.
  To exploit this vulnerability, the request to set an
  endorsement must be sent several times in parallel.

  ### Workarounds
  Disable the Endorsement feature in the components.
cvss_v3: 3.1
unaffected_versions:
  - "< 0.10.0"
patched_versions:
  - "~> 0.26.9"
  - ">= 0.27.5"
related:
  url:
    - https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2
    - https://github.com/decidim/decidim/commit/5c5ee7a50d75c10643dd8c495e2517641e4d74db
    - https://github.com/decidim/decidim/commit/7b840d2c37a562709f4481db644d8c43add28536
    - https://github.com/advisories/GHSA-r275-j57c-7mf2