{"id":"GHSA-mr95-vfcf-fx9p","summary":"Apache Answer: Predictable Authorization Token Using UUIDv1","details":"Inadequate Encryption Strength vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.4.0.\n\nThe ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.\nUsers are recommended to upgrade to version 1.4.1, which fixes the issue.","aliases":["CVE-2024-45719","GO-2024-3287"],"modified":"2024-11-27T21:56:44Z","published":"2024-11-22T21:32:14Z","database_specific":{"github_reviewed_at":"2024-11-22T22:50:08Z","github_reviewed":true,"severity":"LOW","cwe_ids":["CWE-326"],"nvd_published_at":"2024-11-22T15:15:10Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45719"},{"type":"PACKAGE","url":"https://github.com/apache/incubator-answer"},{"type":"WEB","url":"https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/11/22/1"}],"affected":[{"package":{"name":"github.com/apache/incubator-answer","ecosystem":"Go","purl":"pkg:golang/github.com/apache/incubator-answer"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.4.1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-mr95-vfcf-fx9p/GHSA-mr95-vfcf-fx9p.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"}]}