Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-47634

LOW
Published 2024-02-20T16:37:51.966Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-47634. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
3.1
/10
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.003
probability
of exploitation in the wild

There is a 0.3% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.517
Higher than 51.7% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
NONE
Integrity
LOW
Availability
NONE

Description

Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Versions 0.26.9, 0.27.5, and 0.28.0 contain a patch for this issue. As a workaround, disable the Endorsement feature in the components.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

decidim

decidim

Affected Versions:

>= 0.10.0, < 0.26.9 >= 0.27.0, < 0.27.5

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed LOW

Race condition in Endorsements

GHSA-r275-j57c-7mf2

Advisory Details

### Impact A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. ### Workarounds Disable the Endorsement feature in the components.

Affected Packages

RubyGems decidim
ECOSYSTEM: ≥0.10.0 <0.26.9
RubyGems decidim
ECOSYSTEM: ≥0.27.0 <0.27.5

CVSS Scoring

CVSS Score

2.5

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

References

WEB https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-47634
WEB https://github.com/decidim/decidim/commit/5c5ee7a50d75c10643dd8c495e2517641e4d74db
WEB https://github.com/decidim/decidim/commit/7b840d2c37a562709f4481db644d8c43add28536
PACKAGE https://github.com/decidim/decidim
WEB https://github.com/decidim/decidim/releases/tag/v0.26.9
WEB https://github.com/decidim/decidim/releases/tag/v0.27.5
WEB https://github.com/decidim/decidim/releases/tag/v0.28.0
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-47634.yml

Advisory provided by GitHub Security Advisory Database. Published: February 20, 2024, Modified: February 14, 2025

References

https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2
https://github.com/decidim/decidim/releases/tag/v0.26.9
https://github.com/decidim/decidim/releases/tag/v0.27.5
https://github.com/decidim/decidim/releases/tag/v0.28.0
Published: 2024-02-20T16:37:51.966Z
Last Modified: 2024-08-02T21:16:42.668Z
Copied to clipboard!