CVE-2024-54142

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-54142
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-54142.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-54142
Aliases
  • GHSA-94c2-qr2h-88jv
Published
2025-01-14T23:15:08Z
Modified
2025-01-15T08:57:10.258118Z
Summary
[none]
Details

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has been addressed in commit 92f122c. Users are advised to update. Users unable to update may remove all groups from ai bot public sharing allowed groups site setting.

References

Affected packages

Git / github.com/discourse/discourse-ai

Affected ranges

Type
GIT
Repo
https://github.com/discourse/discourse-ai
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed