What is the severity of CVE-2024-21658?

CVE-2024-21658 is categorized as a medium severity vulnerability due to its potential to cause excessive bandwidth and disk space usage.

How do I fix CVE-2024-21658?

To fix CVE-2024-21658, you should update the Discourse Calendar plugin to a version released after August 28, 2024.

What kind of issues can CVE-2024-21658 cause on my Discourse instance?

CVE-2024-21658 can lead to increased bandwidth consumption and disk space exhaustion due to overly generous region value limits.

Is CVE-2024-21658 specific to certain versions of the Discourse Calendar plugin?

Yes, CVE-2024-21658 affects all versions of the Discourse Calendar plugin prior to the version released on August 28, 2024.

Who is affected by CVE-2024-21658?

Any Discourse instance using the vulnerable versions of the Discourse Calendar plugin is at risk from CVE-2024-21658.

Vulnerability/
CVE-2024-21658

medium

4.3

CWE

400 770

30/8/2024

5/9/2024

CVE-2024-21658: Insufficient control of region value length in discourse-calendar

First published: Fri Aug 30 2024(Updated: )

discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Discourse Calendar plugin	<2024-08-28

Never miss a vulnerability like this again

Reference Links

https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8

Frequently Asked Questions

What is the severity of CVE-2024-21658?
CVE-2024-21658 is categorized as a medium severity vulnerability due to its potential to cause excessive bandwidth and disk space usage.
How do I fix CVE-2024-21658?
To fix CVE-2024-21658, you should update the Discourse Calendar plugin to a version released after August 28, 2024.
What kind of issues can CVE-2024-21658 cause on my Discourse instance?
CVE-2024-21658 can lead to increased bandwidth consumption and disk space exhaustion due to overly generous region value limits.
Is CVE-2024-21658 specific to certain versions of the Discourse Calendar plugin?
Yes, CVE-2024-21658 affects all versions of the Discourse Calendar plugin prior to the version released on August 28, 2024.
Who is affected by CVE-2024-21658?
Any Discourse instance using the vulnerable versions of the Discourse Calendar plugin is at risk from CVE-2024-21658.

agent/references
agent/title
agent/description
agent/first-publish-date
agent/type
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/discourse
canonical/discourse calendar plugin

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.