5 matches found
Discourse resource management error vulnerability
Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A resource management error vulnerability exists in Discourse versions prior to 3.0.1 stable, 3.1.0.beta2 beta and tests-passed, which stems from a large amount of data floodin...
CVE-2023-23616
CVE-2023-23616 affects Discourse, where pre-fix versions permit membership requests to include unlimited reasoning text. Specifically, versions before 3.0.1 on the stable branch and before 3.1.0.beta2 on the beta/tests-passed branches lack a character limit for the request reason, enabling potent...
CVE-2023-23616 Discourse membership requests lack character limit
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to...
Liberapay: REGISTRATION USING FAKE EMAIL ACCOUNT
Go to page https://liberapay.com/sign-up 2. Input email address I tried to register with some email address [email protected] [email protected] [email protected] [email protected] [email protected] 3. Select the currency you want to use 4. click "GO" button 5. Will automatically enter into account without going through the process of verification email...
IRCCloud: CSRF - Creating accounts
Hi there, I've discovered the following CSRF issue: There's no CSRF / Bot protection on the registration form. Details An attacker could automate the registration process to flood your database with invalid/useless accounts. He could also source the process out to his victims CSRF. Steps to...