Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1 | Patch Third Party Advisory |
https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-12-01T19:40:10
Updated: 2021-12-01T19:40:10
Reserved: 2021-11-16T00:00:00
Link: CVE-2021-43794
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-01T20:15:08.727
Modified: 2021-12-03T03:11:50.163
Link: CVE-2021-43794
JSON object: View
Redhat Information
No data.
CWE