RubySec

Providing security resources for the Ruby community

CVE-2023-47634 (decidim): Race condition in Endorsements

ADVISORIES

GEM

decidim

SEVERITY

CVSS v3.x: 3.1 (Low)

UNAFFECTED VERSIONS

  • < 0.10.0

PATCHED VERSIONS

  • ~> 0.26.9
  • >= 0.27.5

DESCRIPTION

Impact

A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement.

To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel.

Workarounds

Disable the Endorsement feature in the components.
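As an added illustration (not Decidim's code; all class and method names are hypothetical), the check-then-create pattern behind this race, modelled in plain Ruby, beside a store that enforces uniqueness atomically the way a database unique index on (user, resource) would:

```ruby
# Added example, not from the advisory or the Decidim project. An endorsement
# is keyed by [user_id, resource_id]; each "request" is one check-then-create.
require 'set'

# Vulnerable pattern: the uniqueness check and the insert are two separate
# steps, so parallel requests can all pass the check before any of them inserts.
class RacyEndorsements
  def initialize
    @rows = []
  end

  # Step 1 of a request: "has this user already endorsed this resource?"
  def exists?(user_id, resource_id)
    @rows.include?([user_id, resource_id])
  end

  # Step 2 of a request: unconditional insert, nothing enforces uniqueness here.
  def insert(user_id, resource_id)
    @rows << [user_id, resource_id]
  end

  def count
    @rows.size
  end
end

# Hardened pattern: the store itself rejects a duplicate atomically, so the
# separate existence check is no longer what protects against double-counting.
class UniqueEndorsements
  def initialize
    @rows = Set.new
    @lock = Mutex.new
  end

  # Returns true if the row was created, false if it already existed.
  def insert(user_id, resource_id)
    @lock.synchronize { @rows.add?([user_id, resource_id]) ? true : false }
  end

  def count
    @rows.size
  end
end

# Simulates n parallel requests interleaved in the worst order: every request
# runs its existence check before any of them inserts. Result: n rows.
def racy_parallel_endorse(n, user_id = 1, resource_id = 42)
  store = RacyEndorsements.new
  verdicts = Array.new(n) { store.exists?(user_id, resource_id) } # all false
  verdicts.each { |seen| store.insert(user_id, resource_id) unless seen }
  store.count
end

# Same n requests against the hardened store, on real threads. Result: 1 row.
def unique_parallel_endorse(n, user_id = 1, resource_id = 42)
  store = UniqueEndorsements.new
  Array.new(n) { Thread.new { store.insert(user_id, resource_id) } }.each(&:join)
  store.count
end
```

The hardened store mirrors the fix shape a practitioner would look for in the patched versions: make the duplicate impossible at the point of insertion rather than relying on a read that another request can overtake.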
