Use of Web Browser Cache Containing Sensitive Information in Discourse - CVE-2021-43794
Published: December 1, 2021 / Updated: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a partial denial of service.
The vulnerability exists due to improper cache handling in development-mode header processing when handling requests. A remote attacker can send a specially crafted request to cause a partial denial of service.
Anonymous users may be served a JSON blob instead of the expected HTML page.