oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy.

From: Enxin Xie <linkinstar () apache org>
Date: Tue, 01 Apr 2025 02:44:41 +0000
Severity: low

Affected versions:

- Apache Answer through 1.4.2

Description:

Private Data Structure Returned From A Public Method vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.2.

If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain 
private information about the ip address of that accessing user.
Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set 
whether external content can be displayed.

Credit:

Hamed Kohi (reporter)
Luke Smith (reporter)

References:

https://answer.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-29868
Previous By Date Next
Previous By Thread Next

Current thread: