CVE-2024-55948

Name of the Vulnerable Software and Affected Versions Discourse versions prior to the latest version

Description Discourse is an open source platform for community discussion. In affected versions, an attacker can make a crafted XHR request to poison the anonymous cache, which may have a response with missing preloaded data. This issue only affects anonymous visitors of the site.

Recommendations For versions prior to the latest version, update to the latest version to resolve the issue. As a temporary workaround for users unable to upgrade, disable anonymous cache by setting the DISCOURSE DISABLE ANON CACHE environment variable to a non-empty value.