Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Anonymous user cache poisoning in discourse
Vulnerability Description
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
从非可信控制范围包含功能例程
Vulnerability Title
Discourse 安全漏洞
Vulnerability Description
Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse存在安全漏洞。攻击者利用该漏洞读取匿名(即未登录)用户的缓存,从而向用户显示网站的爬虫视图,而不是HTML页面,从而导致部分拒绝服务。这个漏洞在Discourse的stable、beta和tests-passed版本中进行了修补。
CVSS Information
N/A
Vulnerability Type
N/A