CVE-2024-21658 Insufficient control of region value length in discourse-calendar

discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been...

PT-2024-19003 · Discourse · Discourse Calendar

Name of the Vulnerable Software and Affected Versions: discourse-calendar affected versions not specified Description: The discourse-calendar plugin has a limit on region value length that is too generous, allowing a malicious actor to cause a Discourse instance to use excessive bandwidth and dis...