Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-03-15T19:22:46.937Z
Updated: 2024-08-21T23:12:39.336Z
Reserved: 2024-02-19T14:43:05.992Z
Link: CVE-2024-27085
Vulnrichment
Updated: 2024-08-02T00:27:59.594Z
NVD
Status : Awaiting Analysis
Published: 2024-03-15T20:15:08.277
Modified: 2024-03-17T22:38:29.433
Link: CVE-2024-27085
Redhat
No data.