CVE-2024-21658

discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.
Configurations

Configuration 1 (hide)

cpe:2.3:a:discourse:discourse_calendar:*:*:*:*:*:discourse:*:*

History

05 Sep 2024, 14:39

Type Values Removed Values Added
CPE cpe:2.3:a:discourse:discourse_calendar:-:*:*:*:*:discourse:*:* cpe:2.3:a:discourse:discourse_calendar:*:*:*:*:*:discourse:*:*

05 Sep 2024, 14:32

Type Values Removed Values Added
CWE CWE-770
First Time Discourse discourse Calendar
Discourse
CPE cpe:2.3:a:discourse:discourse_calendar:-:*:*:*:*:discourse:*:*
References () https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8 - () https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8 - Vendor Advisory

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Discourse-calendar es un complemento de Discourse que agrega la capacidad de crear un calendario dinámico en la primera publicación de un tema. El límite de longitud del valor de la región es demasiado generoso. Esto permite que un actor malintencionado haga que una instancia de Discourse use un ancho de banda y espacio en disco excesivos. Este problema se ha corregido en la rama principal. No hay workarounds para esta vulnerabilidad. Actualice lo antes posible.

30 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-30 18:15

Updated : 2024-09-05 14:39


NVD link : CVE-2024-21658

Mitre link : CVE-2024-21658

CVE.ORG link : CVE-2024-21658


JSON object : View

Products Affected

discourse

  • discourse_calendar
CWE
CWE-770

Allocation of Resources Without Limits or Throttling

CWE-400

Uncontrolled Resource Consumption