CVE-2023-47634: Race condition in Endorsements
(updated )
A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement.
To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel.
References
- github.com/advisories/GHSA-r275-j57c-7mf2
- github.com/decidim/decidim
- github.com/decidim/decidim/commit/5c5ee7a50d75c10643dd8c495e2517641e4d74db
- github.com/decidim/decidim/commit/7b840d2c37a562709f4481db644d8c43add28536
- github.com/decidim/decidim/releases/tag/v0.26.9
- github.com/decidim/decidim/releases/tag/v0.27.5
- github.com/decidim/decidim/releases/tag/v0.28.0
- github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2
- github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-47634.yml
- nvd.nist.gov/vuln/detail/CVE-2023-47634
Code Behaviors & Features
Detect and mitigate CVE-2023-47634 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →