Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Race condition in Zulip
Vulnerability Description
Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
Zulip 竞争条件问题漏洞
Vulnerability Description
Zulip是Zulip团队的一款功能强大的开源群聊应用程序。用于将实时聊天的即时性与线程对话的生产力优势相结合。 Zulip 4.0版本及4.11之前版本 存在竞争条件问题漏洞,该漏洞源于Zulip 在帐户停用期间容易受到竞争条件的影响。在极少数情况下,当被停用的用户同时访问时,是允许停用的用户继续访问的。
CVSS Information
N/A
Vulnerability Type
N/A