cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-54142,https://securityvulnerability.io/vulnerability/CVE-2024-54142,HTML Entity Exposure in Discourse AI Plugin by Discourse,"The Discourse AI plugin introduces a vulnerability that could potentially expose HTML entities present in conversations when shared in posts. If a user visits a post featuring a onebox linked to a conversation, these HTML entities may inadvertently leak into the Discourse application. The issue has been mitigated in a recent commit, and users are strongly encouraged to update their installations. For those unable to update, it is recommended to modify the 'ai bot public sharing allowed groups' site setting to prevent such leakage.",Discourse,Discourse-ai,9.1,CRITICAL,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T23:15:00.000Z,0
CVE-2024-23654,https://securityvulnerability.io/vulnerability/CVE-2024-23654,Admin-Initiated SSRF Attacks Vulnerability in Discourse-AI Plugin,"discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c167219878edd contain a patch. As a workaround, one may disable the discourse-ai plugin.
",discourse,discourse-ai,4.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-21T20:28:12.939Z,0