CVE-2024-35227

Опубликовано: 03 июл. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch. There are no known workarounds available for this vulnerability.

Ссылки

https://github.com/discourse/discourse/commit/10afe5fcf1ebf2e49cb80716d5e62e184c53519b
Patch
https://github.com/discourse/discourse/commit/6ce5673d2c1a511b602e1b2ade6cdc898d14ab36
Patch
https://github.com/discourse/discourse/security/advisories/GHSA-664f-xwjw-752c
Third Party Advisory
https://github.com/discourse/discourse/commit/10afe5fcf1ebf2e49cb80716d5e62e184c53519b
Patch
https://github.com/discourse/discourse/commit/6ce5673d2c1a511b602e1b2ade6cdc898d14ab36
Patch
https://github.com/discourse/discourse/security/advisories/GHSA-664f-xwjw-752c
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*

Версия до 3.2.2 (включая)

EPSS

Процентиль: 46%

0.00237

Низкий

7.5 High

CVSS3

Дефекты

CWE-20