Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2023-38684
HistoryJul 28, 2023 - 4:15 p.m.

CVE-2023-38684

2023-07-2816:15:12
Google
osv.dev
3
cve-2023-38684
open source
resource exhaustion
controller actions
version patch

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches. There are no known workarounds for this vulnerability.

Related

cvelist 1
osv 1
cve 1
prion 1
openvas 2
cvelist
cvelist
CVE-2023-38684 Discourse vulnerable to ossible DDoS due to unbounded limits in various controller actions
2023-07-28 15:25:41
osv
osv
BIT-discourse-2023-38684
2024-03-06 10:55:14
cve
cve
CVE-2023-38684
2023-07-28 16:15:12
prion
prion
Input validation
2023-07-28 16:15:00
openvas
openvas
Discourse < 3.0.6 Multiple Vulnerabilities
2023-07-31 00:00:00
Discourse 3.1.x < 3.1.0.beta7 Multiple Vulnerabilities
2023-07-31 00:00:00

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON
Related for OSV:CVE-2023-38684
cvelist1osv1cve1prion1openvas2