CVE-2024-31219 – Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page

https://notcve.org/view.php?id=CVE-2024-31219

15 Apr 2024 — Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via `whispers_allowed_groups` and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the `/u/:username/activity/reactions` endpoint. Discourse-reactions es un complemento que permite al usuario agregar sus reacciones a la publicación. Cuando los whispers están habilitados en un sitio a través de `whispers_allowed_groups` y se re... • https://github.com/discourse/discourse-reactions/commit/6a5a8dacd7e5cbbbbe7d2288b1df9c1062994dbe • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •