Discourse · Discourse · CVE-2023-23616
**Name of the Vulnerable Software and Affected Versions**
Discourse versions prior to 3.0.1 on the stable branch
Discourse versions prior to 3.1.0.beta2 on the beta and tests-passed branches
**Description**
When a user submits a membership request, the reason they provide has no character limit. This could allow a user to flood the database with a large amount of data. It is unlikely to be usable as part of a Denial of Service (DoS) attack, however, because the paths that read the reasons back are available only to administrators. Later versions introduce a limit of 280 characters for membership requests.
**Recommendations**
For Discourse versions prior to 3.0.1 on the stable branch, update to version 3.0.1 or later to introduce a character limit for membership requests.
For Discourse versions prior to 3.1.0.beta2 on the beta and tests-passed branches, update to version 3.1.0.beta2 or later to introduce a character limit for membership requests.
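The following added example (not Discourse's code and not part of the original advisory) contrasts storing a membership request reason with no size check against a bounded version that enforces the 280-character limit from the description. It also includes an audit pass for rows stored before the limit existed. `RequestStore`, its methods and the in-memory rows are hypothetical stand-ins.

```ruby
MAX_REASON_LENGTH = 280 # limit stated in the advisory

# Hypothetical in-memory stand-in for the table of membership requests.
class RequestStore
  attr_reader :rows

  def initialize
    @rows = []
  end

  # "Before": persists whatever the client sent, with no size check.
  def create_unbounded(user_id, reason)
    @rows << { user_id: user_id, reason: reason }
    :stored
  end

  # "After": validates the reason before anything is written.
  def create_bounded(user_id, reason)
    error = reason_error(reason)
    return [:rejected, error] if error
    @rows << { user_id: user_id, reason: reason }
    [:stored, nil]
  end

  # Audit: rows written before the limit existed that exceed it.
  def oversize_rows
    @rows.select { |r| r[:reason].to_s.length > MAX_REASON_LENGTH }
  end

  # Total bytes held by stored reasons, to show the storage impact.
  def stored_bytes
    @rows.sum { |r| r[:reason].to_s.bytesize }
  end

  private

  def reason_error(reason)
    return "reason must be a string" unless reason.is_a?(String)
    return "reason has invalid encoding" unless reason.valid_encoding?
    # String#length counts characters, not bytes, so multibyte text is not penalised.
    return "reason exceeds #{MAX_REASON_LENGTH} characters" if reason.length > MAX_REASON_LENGTH
    nil
  end
end
```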