Vulnerability Database

309,083

Total vulnerabilities in the database

CVE-2024-52794

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

  • Published: Dec 19, 2024
  • Updated: Nov 16, 2025
  • CVE: CVE-2024-52794
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

CWEs:

OWASP TOP 10:

Software From Fixed in
discourse / discourse - 3.3.2
discourse / discourse - 3.4.0
discourse / discourse 3.4.0-beta1 3.4.0-beta1.x
discourse / discourse 3.4.0-beta2 3.4.0-beta2.x
discourse / discourse 3.4.0-beta3 3.4.0-beta3.x