Vulnerability Description
Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via `whispers_allowed_groups` and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the `/u/:username/activity/reactions` endpoint.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse-reactions/commit/6a5a8dacd7e5cbbbbe7d2288
- https://github.com/discourse/discourse-reactions/security/advisories/GHSA-7cqc-5
- https://github.com/discourse/discourse-reactions/commit/6a5a8dacd7e5cbbbbe7d2288
- https://github.com/discourse/discourse-reactions/security/advisories/GHSA-7cqc-5
FAQ
What is CVE-2024-31219?
CVE-2024-31219 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via `whispers_allowed_groups` and reactions are made on whispers on public topi...
How severe is CVE-2024-31219?
CVE-2024-31219 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-31219?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.