Malicious Package

Overview db-connections-templates is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

BIT-DISCOURSE-2023-28107 Discourse vulnerable to multisite DoS by spamming backups

Discourse is an open-source discussion platform. Prior to version 3.0.2 of the stable branch and version 3.1.0.beta3 of the beta and tests-passed branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a...

CVE-2023-28107

CVE-2023-28107 affects Discourse. Prior to Discourse 3.0.2 (stable) and 3.1.0.beta3 (beta/tests-passed), an administrator could trigger repeated backup requests, exhausting DB connections and potentially impacting multisite clusters. Patches are available in 3.0.2 (stable) and 3.1.0.beta3 (beta/t...

CVE-2023-28107 Discourse vulnerable to multisite DoS by spamming backups

Discourse is an open-source discussion platform. Prior to version 3.0.2 of the stable branch and version 3.1.0.beta3 of the beta and tests-passed branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a...