22 matches found
Design/Logic Flaw
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some theme components allow users to add svgs with unlimited height attributes, and this can affect the availability of...
CVE-2023-46130
CVE-2023-46130 affects Discourse prior to 3.1.3 (stable) and 3.2.0.beta3 (beta/tests-passed) where certain theme components (svgbob and mermaid) allow SVGs with unlimited height attributes, potentially impacting the availability of subsequent replies in a topic. The issue is patched in Discourse ...