CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-21658

discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.5%

CVSS Severity

CVSS v3 Score 4.3

References

https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8

Products affected by CVE-2024-21658

Discourse » Discourse Calendar » Version: N/A

cpe:2.3:a:discourse:discourse_calendar:-
Discourse » Discourse Calendar » Version: 1.0.0

cpe:2.3:a:discourse:discourse_calendar:1.0.0
Discourse » Discourse Calendar » Version: 1.0.1

cpe:2.3:a:discourse:discourse_calendar:1.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-21658

Products

Pricing

Contact Us