CVE-2024-21658

Insufficient control of region value length in discourse-calendar

Description

discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.

INFO

Published Date :

2024-08-30T17:18:40.593Z

Last Modified :

2024-08-30T18:00:51.765Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-21658 vulnerability.

Vendors	Products
Discourse	Discourse Calendar

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-21658.

URL	Resource
https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact