Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-03T17:39:38.293Z

Updated: 2024-08-02T03:07:46.876Z

Reserved: 2024-05-14T15:39:41.784Z

Link: CVE-2024-35227

cve-icon Vulnrichment

Updated: 2024-07-05T15:09:21.307Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-03T18:15:05.450

Modified: 2024-07-05T12:55:51.367

Link: CVE-2024-35227

cve-icon Redhat

No data.