8.2

CVE-2024-47773

EPSS 7.85%
Veröffentlicht 08.10.2024 18:15:30
Zuletzt bearbeitet 26.08.2025 16:58:28
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Discourse ≫ Discourse SwEditionstable Version < 3.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.85%	0.918

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE-610 Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

https://github.com/discourse/discourse/security/advisories/GHSA-58vv-9j8h-hw2v

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47773

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47773

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47773

EUVD