Lucene search
K

4 matches found

OpenVAS
OpenVAS
added 2023/07/31 12:0 a.m.28 views

Discourse < 3.0.6 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

7.5CVSS4.8AI score0.00531EPSS
Exploits0References4
Circl
Circl
added 2023/07/28 8:29 p.m.6 views

CVE-2023-38684

creationtimestamp| type| source ---|---|--- 2023-07-28 20:29:29+00:00| seen| https://t.me/cibsecurity/67389...

7.5CVSS7.3AI score0.00531EPSS
Exploits0References1
OSV
OSV
added 2023/07/28 3:25 p.m.34 views

CVE-2023-38684 Discourse vulnerable to ossible DDoS due to unbounded limits in various controller actions

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an...

5.3CVSS7.4AI score0.00531EPSS
Exploits0References4
CVE
CVE
added 2023/07/28 3:25 p.m.63 views

CVE-2023-38684

Discourse (open source forum software) is vulnerable in versions prior to 3.0.6 (stable) and 3.1.0.beta7 (beta/tests-passed) where multiple controller actions accept limit parameters without an upper bound, potentially enabling arbitrary users to generate expensive DB queries and exhaust server r...

7.5CVSS6.2AI score0.00531EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder