← Back

CVE-2024-47773

nvd nist
Published: Oct 8, 2024Modified: Aug 26, 2025

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Exploitability: 3.9 / Impact: 4.2
Source: security-advisories@github.com (Secondary)

Description

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.

Affected (1)

Products: Discourse: Discourse
Discourse
1 product
Discourse
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Before 3.3.2

Related CWEs

CWE-610
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

References (1)

Source: security-advisories@github.com
Third Party Advisory

Timeline

No history available yet.