CVE-2025-29868: Apache Answer User Using External Images Potentially Discloses User Information

April 1, 2025 (updated April 10, 2025)

Private Data Structure Returned From A Public Method vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.2.

If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of that accessing user. Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set whether external content can be displayed.

References

github.com/advisories/GHSA-wqcc-mfhw-53pc
github.com/apache/answer
github.com/apache/answer/issues/1250
lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29mdv5lhf
nvd.nist.gov/vuln/detail/CVE-2025-29868

Code Behaviors & Features

Detect and mitigate CVE-2025-29868 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →