CVE-2024-55948
CVSS 3.1 Score 8.2 of 10 (high)
Details
Summary
CVE-2024-55948 is a vulnerability affecting Discourse, an open-source community discussion platform. An attacker can poison the anonymous cache by sending a crafted XHR request, so that the cached response may be missing preloaded data. The issue poses no threat to authenticated users but can impact anonymous visitors. Discourse has released a patch to mitigate this vulnerability, and it is strongly recommended that users upgrade to the latest version. For those who cannot upgrade immediately, Discourse suggests disabling the anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
Affected Vendors
- Discourse