222 matches found
CVE-2023-47121
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch...
CVE-2023-47119
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...
CVE-2023-45806
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...
Design/Logic Flaw
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...
Design/Logic Flaw
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...
CVE-2023-47121
CVE-2023-47121 affects Discourse prior to 3.1.3 (stable) and 3.2.0.beta3 (beta/tests-passed) where the Embedding feature enables server-side request forgery (SSRF). The root cause is a vulnerable embedding workflow that can be triggered remotely, allowing SSRF conditions. The issue is fixed in Di...
CVE-2023-47121 Discourse SSRF vulnerability in Embedding
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch...
CVE-2023-47120
Discourse DoS via Onebox favicon URL affects multiple branches: stable 3.1.0–3.1.2 and beta/tests-passed 3.1.0,beta6–3.2.0.beta2. The root cause is Redis memory depletion triggered by crafting a site with an abnormally long favicon URL and drafting multiple posts that Onebox it. Impact is high: p...
CVE-2023-47120 Discourse DoS through Onebox favicon URL
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...
CVE-2023-47119
Discourse prior to 3.1.3 (stable) and 3.2.0.beta3 (beta/tests-passed) is affected by an HTML injection in Onebox-rendered links. Root cause: the Onebox engine can inject arbitrary HTML tags when rendering certain links. Exploitation PoC is available (e.g., a GitHub exploit showing an HTML-injecti...
CVE-2023-47119 HTML injection in oneboxed links
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...
CVE-2023-46130
CVE-2023-46130 affects Discourse prior to 3.1.3 (stable) and 3.2.0.beta3 (beta/tests-passed) where certain theme components (svgbob and mermaid) allow SVGs with unlimited height attributes, potentially impacting the availability of subsequent replies in a topic. The issue is patched in Discourse ...
CVE-2023-46130 Bypassing height value allowed in some theme components
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some theme components allow users to add svgs with unlimited height attributes, and this can affect the availability of...
CVE-2023-45816
Discourse prior to version 3.1.3 (stable) and 3.2.0.beta3 (beta/tests-passed) contains a logic edge case where a bookmark reminder is sent and an unread notification is generated even when the user cannot access the underlying bookmarkable resource (post, topic, chat message). The issue is resolv...
CVE-2023-45816 Unread bookmark reminder notifications that the user cannot access can be seen
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkabl...
CVE-2023-45816 Unread bookmark reminder notifications that the user cannot access can be seen
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkabl...
CVE-2023-45806 Discourse vulnerable to DoS via Regexp Injection in Full Name
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...
CVE-2023-45806
Discourse is affected by CVE-2023-45806. Before versions 3.1.3 (stable) and 3.2.0.beta3 (beta/tests-passed), if a quoted user has a full name containing a ‘|’, updating the name can trigger a bug that generates a large amount of duplicate content across posts that mention the user. The issue is f...
BIT-2023-44388
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to...
BIT-2023-44391
Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when hideuserprofilesfrompublic is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no know...