PT-2024-21637 · Discourse · Discourse

Nattsw · Published 2024-03-15 · Updated 2025-08-26 · CVE-2024-27085

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to the latest version

Description

The issue affects Discourse, an open source platform for community discussion. Users allowed to invite others can inject arbitrarily large data in parameters used in the invite route.

Recommendations

For versions prior to the latest version, upgrade to the latest version. As a temporary workaround for users unable to upgrade, consider disabling invites or restricting access to them using the invite allowed groups site setting.

Weakness Enumeration

Resource Exhaustion

Related Identifiers

BIT-DISCOURSE-2024-27085
CVE-2024-27085
GHSA-CVP5-H7P8-MJJ6

Affected Products

Discourse