Home > Vulnerability Database > CVE-2024-27085

Mend.io Vulnerability Database

CVE-2024-27085

Good to know:

Date: March 15, 2024

Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting.

Language: Ruby

Severity Score

6.5

Related Resources (4)

Url: https://github.com/discourse/discourse/security/advisories/GHSA-cvp5-h7p8-mjj6

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-27085

Url: https://github.com/discourse/discourse/commit/62ea382247c1f87361d186392c45ca74c83be295

Url: https://www.mend.io/vulnerability-database/CVE-2024-27085

Severity Score

6.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version v3.2.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-27085

Good to know:

Date: March 15, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?