PT-2025-3019 · Discourse · Discourse Ai

Jomaxro

Published 2025-01-14 · Updated 2025-01-15 · CVE-2024-54142

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Discourse AI (affected versions not specified)

Description: The issue concerns the Discourse AI plugin, which provides AI features. When a conversation with the Discourse AI Bot is shared into a post, HTML entities from the conversation could leak into the Discourse application when a user visits a post containing a onebox for that conversation. This problem has been addressed in commit 92f122c.

Recommendations: For all affected versions, update to a version that includes the fix from commit 92f122c. As a temporary workaround, users unable to update can remove all groups from the "ai bot public sharing allowed groups" site setting.
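As an added illustration, not Discourse's own code (the plugin's real onebox rendering path is not shown on this page), the Ruby below contrasts a onebox preview that interpolates shared AI Bot conversation text raw with one that HTML-escapes it before building markup; the conversation sample, function names and the `leaks_markup?` review check are constructed assumptions.

```ruby
require "erb"

# Constructed sample: one shared AI Bot conversation, as a title plus turns.
# The assistant turn carries markup, standing in for any untrusted content
# that can end up in a conversation and then in a onebox preview.
SHARED_CONVERSATION = {
  title: "Ask the bot",
  messages: [
    { role: "user", content: "How do I format <code> in posts?" },
    { role: "assistant", content: "Use backticks. <script>alert(1)</script>" },
  ],
}.freeze

# Vulnerable form (assumed shape of the bug class): conversation text is
# dropped straight into HTML, so tags in it reach every reader as live markup.
def onebox_unsafe(conv)
  items = conv[:messages].map { |m| "<li><b>#{m[:role]}</b>: #{m[:content]}</li>" }
  "<aside class=\"onebox\"><h3>#{conv[:title]}</h3><ul>#{items.join}</ul></aside>"
end

# Hardened form: every field that originates from the conversation passes
# through ERB::Util.html_escape, so "<", ">", "&" and quotes become entities
# and the text is displayed rather than interpreted by the browser.
def onebox_safe(conv)
  items = conv[:messages].map do |m|
    "<li><b>#{ERB::Util.html_escape(m[:role])}</b>: " \
      "#{ERB::Util.html_escape(m[:content])}</li>"
  end
  "<aside class=\"onebox\"><h3>#{ERB::Util.html_escape(conv[:title])}</h3>" \
    "<ul>#{items.join}</ul></aside>"
end

# Review check: true when any conversation turn that contains a tag appears
# in the rendered onebox verbatim, i.e. unescaped. A safe renderer returns false.
def leaks_markup?(html, conv)
  conv[:messages].any? { |m| m[:content].match?(/<[a-z]/i) && html.include?(m[:content]) }
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe leaks markup: #{leaks_markup?(onebox_unsafe(SHARED_CONVERSATION), SHARED_CONVERSATION)}"
  puts "safe leaks markup:   #{leaks_markup?(onebox_safe(SHARED_CONVERSATION), SHARED_CONVERSATION)}"
end
```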

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-54142
GHSA-94C2-QR2H-88JV

Affected Products

Discourse Ai