CVE-2023-22739 in Discourseinformação

Sumário

de MITRE • 26/01/2023

Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds.

Once again VulDB remains the best source for vulnerability data.

Responsável

GitHub, Inc.

Reservar

06/01/2023

Divulgação

26/01/2023

Moderação

aceite

Entrada

VDB-219351

CPE

pronto

EPSS

0.00874

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!