CVE-2024-35227 : DISCOURSE UP TO 3.3.0.BETA2/3.2.2 URL DENIAL OF SERVICE

Description

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability.

References

https://github.com/discourse/discourse/security/advisories/GHSA-664f-xwjw-752c

https://github.com/discourse/discourse/commit/10afe5fcf1ebf2e49cb80716d5e62e184c53519b

https://github.com/discourse/discourse/commit/6ce5673d2c1a511b602e1b2ade6cdc898d14ab36

For More Information

CVERecord

Contact us to get started

CVE-2024-6284 : GOOGLE NFTABLES UP TO 0.1.0 ADDSET INPUT VALIDATION

Description In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not

Learn more

CVE-2024-34750 : APACHE TOMCAT UP TO 9.0.89/10.1.24/11.0.0-M20 HTTP/2 STREAM EXCEPTIONAL CONDITION

Description Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did

Learn more