Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-12T20:46:00.196Z
Updated: 2024-01-12T20:46:00.196Z
Reserved: 2023-12-29T16:10:20.366Z
Link: CVE-2024-21655
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-12T21:15:11.510
Modified: 2024-01-25T15:36:21.337
Link: CVE-2024-21655
JSON object: View
Redhat Information
No data.