CVE-2024-21658
Insufficient control of region value length in discourse-calendar
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
30 ago 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Productos afectados
discourse · discourse-calendar¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →