← Zuruck zu CVEs
CVE-2024-21658
MEDIUM4.3
Beschreibung
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.
CVE Details
CVSS v3.1 Bewertung4.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht8/30/2024
Zuletzt geandert9/5/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
discourse:discourse_calendar
Schwachen (CWE)
CWE-400CWE-770
Referenzen
https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8(security-advisories@github.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.