Giscus Unauthorized Discussion Creation Vulnerability
Vulnerability
A vulnerability in Giscus, a commenting system powered by GitHub Discussions, allowed unauthorized users to create discussions on any repository where Giscus is installed. The issue was in the server-side component of Giscus, whether used through the hosted service at http://giscus.app or self-hosted. The vulnerability has been patched in the latest commits on the main branch.
Impact
Exploitation of this vulnerability allowed for unauthorized creation of discussions on affected repositories, potentially leading to misuse of the discussion platform.
Remediation
Users of the hosted Giscus service at http://giscus.app do not need to take any action. Self-hosted users should update to the latest version of the Giscus repository or cherry-pick the relevant commits if custom modifications prevent a full update.
