GoogleOSV:CVE-2023-25167CVE-2023-25167
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
31.8%
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| discourse | eq | 1.1.0.beta5 | |
| discourse | eq | 2.8.5 | |
| discourse | eq | 1.8.1 | |
| discourse | eq | 1.3.0.beta5 | |
| discourse | eq | 1.9.5 | |
| discourse | eq | 2.6.0.beta2 | |
| discourse | eq | 1.7.0.beta11 | |
| discourse | eq | 1.9.4 | |
| discourse | eq | 2.2.1 | |
| discourse | eq | 2.1.4 |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
31.8%