CVE-2024-31219 Information

Description

Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via whispers_allowed_groups and reactions are made on whispers on public topics the contents of the whisper and the reaction data are shown on the /u/:username/activity/reactions endpoint.

Reference

https://github.com/discourse/discourse-reactions/security/advisories/GHSA-7cqc-5xrw-xh67 https://github.com/discourse/discourse-reactions/commit/6a5a8dacd7e5cbbbbe7d2288b1df9c1062994dbe