CVE-2023-49619: 
vulnerability analysis and mitigation

A race condition vulnerability (CVE-2023-49619) was discovered in Apache Answer through version 1.2.0. The vulnerability is related to concurrent execution using shared resources with improper synchronization. Under normal circumstances, users can only bookmark a question once, which should only increment the bookmark counter once. However, this vulnerability allows attackers to use scripts to make repeated submissions, resulting in abnormal increases in the question collection counter (OSS Security).

The vulnerability is classified as CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization). The National Vulnerability Database has assigned this vulnerability a CVSS v3.1 Base Score of 3.1 LOW (Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N), indicating a relatively low severity but exploitable vulnerability (NVD).

When exploited, this vulnerability allows attackers to manipulate the bookmark counter of questions through repeated script submissions, leading to artificially inflated collection numbers. This could potentially affect the reliability of content popularity metrics within the Apache Answer platform (OSS Security).

Users are recommended to upgrade to Apache Answer version 1.2.1, which contains the fix for this vulnerability. No alternative workarounds have been published (OSS Security).