OSV:BIT-DISCOURSE-2023-28440
Mar 06, 2024 - 10:58 a.m.

BIT-discourse-2023-28440

2024-03-06 10:58:07
Google
osv.dev
open source platform
community discussion
malicious request
timeout
shared hosting environment
untrusted admins
vulnerability
upgrade

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 22.8%)

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
