Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse DM limits aren’t always properly enforced
Vulnerability Description
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Discourse 访问控制错误漏洞
Vulnerability Description
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.4.3之前版本和3.5.0.beta3之前版本存在访问控制错误漏洞,该漏洞源于绕过用户限制,可能导致创建包含所有用户的私信。
CVSS Information
N/A
Vulnerability Type
N/A