discourse-calendar is a Discourse plugin that adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8 | Vendor Advisory |
Configurations
History
05 Sep 2024, 14:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:discourse:discourse_calendar:*:*:*:*:*:discourse:*:* |
05 Sep 2024, 14:32
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-770 | |
First Time | Discourse discourse Calendar; Discourse | |
CPE | cpe:2.3:a:discourse:discourse_calendar:-:*:*:*:*:discourse:*:* | |
References | () https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8 - Vendor Advisory |
03 Sep 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Aug 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-30 18:15
Updated : 2024-09-05 14:39
NVD link : CVE-2024-21658
Mitre link : CVE-2024-21658
CVE.ORG link : CVE-2024-21658
Products Affected
discourse
- discourse_calendar