Allocation of Resources Without Limits or Throttling in Discourse - CVE-2024-24827
Published: March 15, 2024 / Updated: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper resource management in the POST /uploads endpoint when handling upload creation requests. A remote attacker can send a large number of upload requests to cause a denial of service.
The impact depends on site-specific upload-related settings that affect the resources consumed during upload creation.
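One way to spot the request pattern described above in reverse-proxy access logs, as an added example that is not Discourse's code or part of the original advisory. It counts POST requests to /uploads per client in a sliding window; the log format (combined), the sample lines, the optional path suffix, and the limit and window values are assumptions.

```ruby
require "time"

# Constructed sample lines in combined log format (documentation-range IPs), not real traffic.
def sample_line(ip, sec, req)
  ts = (Time.utc(2024, 3, 15, 10, 0, 0) + sec).strftime("%d/%b/%Y:%H:%M:%S +0000")
  %(#{ip} - - [#{ts}] "#{req} HTTP/1.1" 200 512 "-" "-")
end

SAMPLE_LOG = [
  *(0...8).map { |i| sample_line("203.0.113.7", i * 5, "POST /uploads") },  # 8 requests in 40 s
  *(0...6).map { |i| sample_line("192.0.2.9", i * 30, "POST /uploads") },   # 6 requests, 30 s apart
  sample_line("203.0.113.7", 12, "GET /uploads/example.png"),               # not an upload creation
  sample_line("198.51.100.4", 20, "POST /posts"),                           # different endpoint
  "malformed line"
].join("\n")

LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<verb>[A-Z]+) (?<path>\S+)[^"]*" \d{3} /
# Assumption: the endpoint may carry a format suffix or query string (/uploads.json, /uploads?x=1).
UPLOAD_RE = %r{\A/uploads(?:\.\w+)?(?:\?|\z)}

# Returns [[ip, Time], ...] for every POST to the upload-creation endpoint; skips unparsable lines.
def upload_posts(log)
  log.each_line.filter_map do |line|
    m = LINE_RE.match(line)
    next unless m && m[:verb] == "POST" && UPLOAD_RE.match?(m[:path])
    [m[:ip], Time.strptime(m[:ts], "%d/%b/%Y:%H:%M:%S %z")]
  end
end

# Returns {ip => peak count} for clients exceeding `limit` upload POSTs within any `window` seconds.
# limit and window are hypothetical thresholds; tune them to the site's normal upload rate.
def upload_bursts(log, limit: 5, window: 60)
  upload_posts(log).group_by(&:first).each_with_object({}) do |(ip, rows), out|
    times = rows.map(&:last).sort
    start = peak = 0
    times.each_with_index do |t, i|
      start += 1 while t - times[start] >= window # slide the window's left edge forward
      peak = [peak, i - start + 1].max
    end
    out[ip] = peak if peak > limit
  end
end

puts upload_bursts(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```

Because the advisory notes that impact depends on site-specific upload settings, a threshold that is harmless on one site may already be costly on another.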