Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.
References
Configurations
Configuration 1 (hide)
|
History
18 Feb 2023, 21:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.7 |
First Time |
Discourse
Discourse discourse |
|
CPE | cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:* |
|
References | (MISC) https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd - Patch | |
References | (MISC) https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w - Vendor Advisory |
08 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-08 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-25167
Mitre link : CVE-2023-25167
CVE.ORG link : CVE-2023-25167
JSON object : View
Products Affected
discourse
- discourse
CWE