CVE-2024-47773

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-610
View all →

Vulnerability Description

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.

Related Vulnerabilities

CVE-2022-2633

HIGH
CVSS:8.2(High)

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in version...

CWE-6102022

CVE-2024-31319

HIGH
CVSS:8.4(High)

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privile...

CWE-6102024

CVE-2018-9582

HIGH
CVSS:7.8(High)

In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privi...

CWE-6102018

CVE-2019-15394

HIGH
CVSS:7.8(High)

The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package nam...

CWE-6102019

CVE-2019-15405

HIGH
CVSS:7.8(High)

The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of...

CWE-6102019

CVE-2019-15418

HIGH
CVSS:7.8(High)

The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of...

CWE-6102019