Lucene search
K

4 matches found

OSV
OSV
added 2026/06/16 12:37 p.m.5 views

BIT-DISCOURSE-2026-44782 Discourse: GroupPostSerializer leaks hidden full names through reaction post association

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, GroupPostSerializer declared includeuserlongname? as the predicate for its :name attribute, but AMS looks for includename?. The misnamed...

4.3CVSS5.3AI score0.00189EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 8:23 p.m.23 views

CVE-2026-44782

Discourse (open-source) is affected. In versions 2026.1.0-latest–2026.1.3.x, 2026.3.0-latest–2026.3.0.x, and 2026.4.0-latest–2026.4.0.x, GroupPostSerializer used include_user_long_name? as the predicate for the :name attribute. AMS checks for include_name?, but the misnamed predicate was never in...

4.3CVSS5.3AI score0.00189EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 8:23 p.m.9 views

CVE-2026-44782 Discourse: GroupPostSerializer leaks hidden full names through reaction post association

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared includeuserlongname? as the predicate for its :name attribute, but AMS looks for includename?...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:23 p.m.33 views

CVE-2026-44782 Discourse: GroupPostSerializer leaks hidden full names through reaction post association

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared includeuserlongname? as the predicate for its :name attribute, but AMS looks for includename?...

4.3CVSS0.00189EPSS
Exploits0References1
Rows per page
Query Builder