CVE-2025-46824

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-46824
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-46824.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-46824
Aliases
  • GHSA-358v-cwvc-gxh5
Published
2025-05-07T18:15:42Z
Modified
2025-05-19T03:29:33.052857Z
Summary
[none]
Details

The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. In versions prior to commit eed3a80, an attacker can execute arbitrary JavaScript in users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin. As a workaround, one may disable the plugin.

References

Affected packages

Git / github.com/discourse/discourse-code-review

Affected ranges

Type
GIT
Repo
https://github.com/discourse/discourse-code-review
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed