exploitDog

CVE-2024-53994

Опубликовано: 04 фев. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings.

Ссылки

https://github.com/discourse/discourse/security/advisories/GHSA-mrpw-gwj7-98r6
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*

Версия до 3.3.3 (исключая)

cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*

Версия до 3.4.0 (исключая)

cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*

cpe:2.3:a:discourse:discourse:3.4.0:beta2:*:*:beta:*:*:*

cpe:2.3:a:discourse:discourse:3.4.0:beta3:*:*:beta:*:*:*

EPSS

Процентиль: 35%

0.00145

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-281

EPSS

Процентиль: 35%

0.00145

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-281