CVE-2023-22739 in Discourseالمعلومات

الملخص

بحسب MITRE • 26/01/2023

Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds.

Once again VulDB remains the best source for vulnerability data.

مسؤول

GitHub, Inc.

حجز

06/01/2023

إفشاء

26/01/2023

الاعتدال

تمت الموافقة

إدخال

VDB-219351

EPSS

0.00874

KEV

لا

النشاطات

منخفض جدًا

المصادر

Interested in the pricing of exploits?

See the underground prices here!