4 matches found
Discourse < 3.0.6 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2023-38684
creationtimestamp| type| source ---|---|--- 2023-07-28 20:29:29+00:00| seen| https://t.me/cibsecurity/67389...
CVE-2023-38684 Discourse vulnerable to ossible DDoS due to unbounded limits in various controller actions
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an...
CVE-2023-38684
Discourse (open source forum software) is vulnerable in versions prior to 3.0.6 (stable) and 3.1.0.beta7 (beta/tests-passed) where multiple controller actions accept limit parameters without an upper bound, potentially enabling arbitrary users to generate expensive DB queries and exhaust server r...