CVE-2023-49098

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939...

EUVD-2023-53107

Malicious code in bioql PyPI...

CVE-2024-31219

Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via whispersallowedgroups and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the /u/:username/activity/reaction...

CVE-2023-30611

Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to...

CVE-2024-31219

Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via whispersallowedgroups and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the /u/:username/activity/reaction...

CVE-2024-31219 Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page

Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via whispersallowedgroups and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the /u/:username/activity/reaction...

CVE-2024-31219 Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page

Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via whispersallowedgroups and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the /u/:username/activity/reaction...

CVE-2024-31219 Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page

Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via whispersallowedgroups and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the /u/:username/activity/reaction...

CVE-2024-31219

CVE-2024-31219 affects the Discourse-reactions plugin. When whispers are enabled via whispers_allowed_groups and users react on whispers in public topics, the contents of the whisper and the reaction data are exposed on the /u/:username/activity/reactions endpoint. The vulnerability is described ...

CVE-2023-49098

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939...

CVE-2023-49098 Reaction data for user notifications exposed in Discourse-reactions

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939...

CVE-2023-49098

CVE-2023-49098 affects the Discourse-Reactions plugin for Discourse. Data about a user’s reaction notifications could be exposed; this was mitigated by patch commit 2c26939. The CVSSv3.1 base metrics from the record are: AV:N/AC:L/PR:L/UI:R/S:U, Confidentiality Impact: Low, Integrity/Availability...

CVE-2023-49098 Reaction data for user notifications exposed in Discourse-reactions

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939...

CVE-2023-49098 Reaction data for user notifications exposed in Discourse-reactions

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939...

PT-2024-13672 · Discourse · Discourse-Reactions

Name of the Vulnerable Software and Affected Versions: Discourse-reactions plugin affected versions not specified Description: The Discourse-reactions plugin allows users to add reactions to posts. However, it has an issue where data about a user's reaction notifications could be exposed...

CVE-2023-30611

Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to...

CVE-2023-30611 Reaction metadata exposed in private topics in Discourse-reactions

Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to...

CVE-2023-30611 Reaction metadata exposed in private topics in Discourse-reactions

Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to...

CVE-2023-30611

Discourse-reactions plugin vulnerability (CVE-2023-30611) allows leakage of reaction metadata from posts in private topics. Affected: Discourse with discourse-reactions prior to 0.3. Root cause described as information disclosure through reaction data exposure in private topics. Impact is confide...

PT-2023-22808 · Discourse · Discourse-Reactions

Name of the Vulnerable Software and Affected Versions: Discourse-reactions versions prior to 0.3 Description: The Discourse-reactions plugin for the Discourse messaging platform has an issue where data about reactions performed on a post in a private topic could be leaked. This affects the...