Discourse · Discourse · CVE-2024-47773
**Name of the Vulnerable Software and Affected Versions**
Discourse versions prior to 3.3.2
Discourse tests-passed versions prior to 3.4.0.beta2
**Description**
The issue affects Discourse, an open-source platform for community discussion. It allows an attacker to poison the cache with repeated XHR requests, which affects anonymous visitors of the site.
**Recommendations**
For Discourse versions prior to 3.3.2, upgrade to the latest version to resolve the issue.
For Discourse tests-passed versions prior to 3.4.0.beta2, upgrade to a version at or after 3.4.0.beta2 to resolve the issue.
As a temporary workaround for users unable to upgrade, consider disabling anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.