Description

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has been addressed in commit `92f122c`. Users are advised to update. Users unable to update may remove all groups from `ai bot public sharing allowed groups` site setting.

INFO

Published Date :

2025-01-14T22:39:49.458Z

Last Modified :

2025-01-15T14:54:42.790Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-54142 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-54142.

URL Resource
https://github.com/discourse/discourse-ai/commit/92f122c54d9d7ead9223a056270bff5b4c42c73f cve-icon cve-icon
https://github.com/discourse/discourse-ai/security/advisories/GHSA-94c2-qr2h-88jv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact