← Voltar para CVEs
CVE-2024-21658
MEDIUM4.3
Descricao
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.
Detalhes CVE
Pontuacao CVSS v3.14.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado8/30/2024
Ultima modificacao9/5/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
discourse:discourse_calendar
Fraquezas (CWE)
CWE-400CWE-770
Referencias
https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.