CVE-2021-43794

Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*

Information

Published : 2021-12-01 12:15

Updated : 2021-12-02 19:11


NVD link : CVE-2021-43794

Mitre link : CVE-2021-43794


JSON object : View

CWE
CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Advertisement

dedicated server usa

Products Affected

discourse

  • discourse