CVE-2024-22393

CVE-2024-22393: Apache Answer: Pixel Flood Attack by uploading the large pixel file

Vendor Apache Software Foundation

Product Apache Answer

Weakness CWE-434 · Unrestricted file upload

Published February 22, 2024

Last update April 22, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

Key dates

Disclosure timeline

February 22, 2024 CVE published

April 22, 2025 Record updated