CVE-2024-31219

Name of the Vulnerable Software and Affected Versions Discourse-reactions plugin (affected versions not specified)

Description The issue concerns the Discourse-reactions plugin, which allows users to add reactions to posts. When whispers are enabled on a site via the whispers allowed groups variable and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are exposed on the "/u/:username/activity/reactions" API endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.