PT-2024-19003 · Discourse · Discourse Calendar
Pmusaraj · Published 2024-08-30 · Updated 2024-09-05
CVE-2024-21658
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
discourse-calendar (affected versions not specified)
Description
The discourse-calendar plugin has a limit on region value length that is too generous, allowing a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in the main branch.
Recommendations
Please upgrade the discourse-calendar plugin as soon as possible, as there are no workarounds for this issue.
Resource Exhaustion
Allocation of Resources Without Limits
Affected Products
Discourse Calendar