Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Anonymous user cache poisoning via development-mode header in Discourse
Vulnerability Description
Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
资源在另一范围的外部可控制索引
Vulnerability Title
Discourse 安全漏洞
Vulnerability Description
Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse存在安全漏洞,该漏洞源于软件在用户的缓存处理存在权限。攻击者可利用该漏洞可以毒化匿名(即未登录)用户的缓存,这样用户显示的是JSON blob而不是HTML页面。这可能导致部分拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A