← Volver a CVEs
CVE-2024-21658
MEDIUM4.3
Descripcion
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.
Detalles CVE
Puntuacion CVSS v3.14.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado8/30/2024
Ultima modificacion9/5/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
discourse:discourse_calendar
Debilidades (CWE)
CWE-400CWE-770
Referencias
https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.