Medium severity5.3OSV Advisory· Published Jul 10, 2024· Updated Jun 17, 2026
CVE-2024-27090
CVE-2024-27090
Description
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded (such as a Participatory Process, an Assembly, a Proposal, a Result, etc), then some data of this resource could be accessed. This vulnerability is fixed in 0.27.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
decidimRubyGems | < 0.27.6 | 0.27.6 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-qcj6-vxwx-4rqvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-27090ghsaADVISORY
- github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705nvdWEB
- github.com/decidim/decidim/pull/12528nvdWEB
- github.com/decidim/decidim/releases/tag/v0.27.6nvdWEB
- github.com/decidim/decidim/security/advisories/GHSA-qcj6-vxwx-4rqvnvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2024-27090.ymlghsaWEB
News mentions
0No linked articles in our index yet.