Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-03T17:39:38.293Z
Updated: 2024-08-02T03:07:46.876Z
Reserved: 2024-05-14T15:39:41.784Z
Link: CVE-2024-35227
Vulnrichment
Updated: 2024-07-05T15:09:21.307Z
NVD
Status : Awaiting Analysis
Published: 2024-07-03T18:15:05.450
Modified: 2024-07-05T12:55:51.367
Link: CVE-2024-35227
Redhat
No data.