Lucene search
+L

6 matches found

OpenVAS
OpenVAS
added 2024/02/05 12:0 a.m.16 views

Discourse < 3.1.4, 3.2.x < 3.2.0.beta4 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

8.6CVSS5.1AI score0.00566EPSS
Exploits0References3
NVD
NVD
added 2024/01/12 9:15 p.m.20 views

CVE-2024-21655

Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4...

4.3CVSS4.5AI score0.00566EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/12 8:46 p.m.18 views

CVE-2024-21655 Insufficient control of custom field value sizes

Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4...

4.3CVSS5.2AI score0.00566EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/12 8:46 p.m.8 views

CVE-2024-21655 Insufficient control of custom field value sizes

Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4...

4.3CVSS4.5AI score0.00566EPSS
Exploits0References1
CVE
CVE
added 2024/01/12 8:46 p.m.56 views

CVE-2024-21655

CVE-2024-21655 affects Discourse: a vulnerability where fields editable on the client side have no imposed size limits, allowing an attacker to drive a Discourse instance to consume excessive disk space and bandwidth. Root cause is insufficient constraint on input sizes for client-editable fields...

4.3CVSS4.8AI score0.00566EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/12 8:46 p.m.25 views

CVE-2024-21655 Insufficient control of custom field value sizes

Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4...

4.3CVSS4.8AI score0.00566EPSS
Exploits0References3
Rows per page
Query Builder