4 matches found
CVE-2023-25167
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There a...
CVE-2023-25167
creationtimestamp| type| source ---|---|--- 2023-02-08 22:25:32+00:00| seen| https://t.me/cibsecurity/57800...
CVE-2023-25167 Regular expression denial of service via installing themes via git in discourse
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There a...
CVE-2023-25167
Discourse is vulnerable to a regular expression denial of service via carefully crafted git URLs used to install themes. The issue affects affected Discourse versions and is caused by processing Git URLs in a way that can trigger RE DoS. Remediation: upgrade to the latest stable, beta, or tests-p...