{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T18:21:09.278","vulnerabilities":[{"cve":{"id":"CVE-2024-24827","sourceIdentifier":"security-advisories@github.com","published":"2024-03-15T20:15:07.900","lastModified":"2025-08-26T16:36:16.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impact varies from site to site as various site settings like `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` will determine the amount of resources used when creating an upload. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should reduce `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` as smaller uploads require less resources to process. Alternatively, `client_max_body_size` can be reduced in Nginx to prevent large uploads from reaching the server."},{"lang":"es","value":"Discourse es una plataforma de código abierto para el debate comunitario. Sin un límite de velocidad en el endpoint POST /uploads, a un atacante le resulta más fácil llevar a cabo un ataque DoS en el servidor, ya que crear una carga puede ser un proceso que consume muchos recursos. Tenga en cuenta que el impacto varía de un sitio a otro, ya que varias configuraciones del sitio, como `max_image_size_kb`, `max_attachment_size_kb` y `max_image_megapixels`, determinarán la cantidad de recursos utilizados al crear una carga. El problema está solucionado en la última versión estable, beta y probada de Discourse. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben reducir `max_image_size_kb`, `max_attachment_size_kb` y `max_image_megapixels` ya que las cargas más pequeñas requieren menos recursos para procesar. Alternativamente, `client_max_body_size` se puede reducir en Nginx para evitar que grandes cargas lleguen al servidor."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionEndExcluding":"3.2.0","matchCriteriaId":"686BF2DC-5ED7-4852-BE53-206E0597E5BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*","versionEndExcluding":"3.3.0","matchCriteriaId":"4EBDB0A9-6C68-4FC5-81CD-5E1B042DD60C"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-58vw-246g-fjj4","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-58vw-246g-fjj4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}