222 matches found
BIT-DISCOURSE-2023-45806 Discourse vulnerable to DoS via Regexp Injection in Full Name
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...
BIT-DISCOURSE-2023-46130 Bypassing height value allowed in some theme components
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some theme components allow users to add svgs with unlimited height attributes, and this can affect the availability of...
BIT-DISCOURSE-2023-47119 HTML injection in oneboxed links
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...
BIT-DISCOURSE-2023-47120 Discourse DoS through Onebox favicon URL
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...
BIT-DISCOURSE-2023-47121 Discourse SSRF vulnerability in Embedding
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch...
BIT-DISCOURSE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
BIT-DISCOURSE-2023-49099 Discourse secure uploads accessible to guests even when login is required
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
BIT-DISCOURSE-2024-21655 Insufficient control of custom field value sizes
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4...
CVE-2023-48297
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
Design/Logic Flaw
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
Code injection
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
Design/Logic Flaw
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4...
CVE-2023-49099 Discourse secure uploads accessible to guests even when login is required
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
CVE-2023-49099 Discourse secure uploads accessible to guests even when login is required
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
CVE-2023-49099
Discourse has a vulnerability where under very specific circumstances secure upload URLs for posts could be accessed by guest users even when login is required. Affected versions were before patches 3.2.0.beta4 and 3.1.4; patch versions are 3.2.0.beta4 and 3.1.4. Impact involves potential exposur...
CVE-2024-21655 Insufficient control of custom field value sizes
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4...
CVE-2024-21655
CVE-2024-21655 affects Discourse: a vulnerability where fields editable on the client side have no imposed size limits, allowing an attacker to drive a Discourse instance to consume excessive disk space and bandwidth. Root cause is insufficient constraint on input sizes for client-editable fields...
CVE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
CVE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
CVE-2023-48297
Discourse vulnerability CVE-2023-48297 affects the message serializer that expands chat mentions (@all/@here). The implementation can generate a very large array of users, enabling a denial of service as stated in the CVE description. The issue was patched in Discourse versions 3.1.4 and in the b...