Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
giscus allows unauthorized discussion creation
Vulnerability Description
giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own self-hosted service. This vulnerability is fixed by the c43af7806e65adfcf4d0feeebef76dc36c95cb9a and 4b9745fe1a326ce08d69f8a388331bc993d19389 commits.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
giscus 授权问题漏洞
Vulnerability Description
giscus是giscus开源的一个评论系统。 giscus存在授权问题漏洞,该漏洞源于未经授权的用户可在安装giscus的仓库上创建讨论,可能导致未经授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A