5 matches found
CVE-2025-68934
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause On^2 processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...
CVE-2025-68934 Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause On^2 processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...
EUVD-2025-206443
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause On^2 processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...
CVE-2025-68934 Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause On^2 processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...
Rust branca crate security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in branca crate before 0.10.0 for Rust, which stems from the fact that decoding tokens with invalid base62 data may cause panic...