{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T12:32:46.623","vulnerabilities":[{"cve":{"id":"CVE-2024-21658","sourceIdentifier":"security-advisories@github.com","published":"2024-08-30T18:15:06.717","lastModified":"2024-09-05T14:39:07.033","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible."},{"lang":"es","value":"Discourse-calendar es un complemento de Discourse que agrega la capacidad de crear un calendario dinámico en la primera publicación de un tema. El límite de longitud del valor de la región es demasiado generoso. Esto permite que un actor malintencionado haga que una instancia de Discourse use un ancho de banda y espacio en disco excesivos. Este problema se ha corregido en la rama principal. No hay workarounds para esta vulnerabilidad. Actualice lo antes posible."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse_calendar:*:*:*:*:*:discourse:*:*","versionEndExcluding":"2024-08-28","matchCriteriaId":"EB12625B-F7A9-4407-9CC3-2CBB9E5CB2A2"}]}]}],"references":[{"url":"https://github.com/discourse/discourse-calendar/security/advisories/GHSA-65f2-9ghp-x8h8","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}