Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Sep 2023, 19:59
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Discourse
Discourse discourse |
|
References | (MISC) https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8 - Exploit, Vendor Advisory | |
CPE | cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta8:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:* |
17 Sep 2023, 12:01
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-15 20:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-38706
Mitre link : CVE-2023-38706
CVE.ORG link : CVE-2023-38706
JSON object : View
Products Affected
discourse
- discourse
CWE
CWE-770
Allocation of Resources Without Limits or Throttling