x/vulndb: potential Go vuln in github.com/apache/answer: GHSA-wqcc-mfhw-53pc

[GoVulnBot]

Advisory GHSA-wqcc-mfhw-53pc references a vulnerability in the following Go modules:

Module
github.com/apache/answer

Description:
Private Data Structure Returned From A Public Method vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.2.

If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of that accessing user.
Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set whether external content can be displayed.

References:

• ADVISORY: GHSA-wqcc-mfhw-53pc
• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-29868
• REPORT: Control external images display apache/answer#1250
• WEB: https://lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29mdv5lhf

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/apache/answer
      versions:
        - fixed: 1.4.5
      vulnerable_at: 1.4.5-RC1
summary: Apache Answer User Using External Images Potentially Discloses User Information in github.com/apache/answer
cves:
    - CVE-2025-29868
ghsas:
    - GHSA-wqcc-mfhw-53pc
references:
    - advisory: https://github.com/advisories/GHSA-wqcc-mfhw-53pc
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-29868
    - report: https://github.com/apache/answer/issues/1250
    - web: https://lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29mdv5lhf
source:
    id: GHSA-wqcc-mfhw-53pc
    created: 2025-04-01T19:01:23.830375882Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/662295 mentions this issue: data/reports: add 3 reports