Security Advisory

CVE-2024-27085

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-15 19:22:46
Last updated 2024-08-21 23:12:39
Assigner GitHub_M
State PUBLISHED

Description

Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting.