Discourse: Vulnerability Allowing Unauthorized Iframe Injection - Proactive Insights and Support For Open-Source Applications

In Discourse versions prior to 3.2.5 and 3.3.0.beta5 a medium severity vulnerability CVE-2024-39320 was detected. This vulnerability allows attackers to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39320.