5 matches found
EUVD-2024-21129
Malicious code in bioql PyPI...
CVE-2024-23654
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit...
CVE-2024-54142
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...
Discourse AI cross-site scripting vulnerability
Discourse AI is an open source AI plugin for Discourse. Discourse AI suffers from a cross-site scripting vulnerability that stems from the fact that when sharing a Discourse AI Bot conversation into a post, if there are HTML entities in the conversation, these entities may be leaked to the...
Server-side request forgery (SSRF)
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit...