Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient control of region value length in discourse-calendar
Vulnerability Description
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Discourse Calendar 资源管理错误漏洞
Vulnerability Description
Discourse Calendar是Discourse开源的一个日历插件。 Discourse Calendar 存在资源管理错误漏洞,该漏洞源于对数据长度的限制过于宽松,可能导致带宽和磁盘空间的异常占用。
CVSS Information
N/A
Vulnerability Type
N/A