PT-2023-12730 · Discourse · Discourse
Imlonghao +1 · Published 2023-01-05 · Updated 2024-03-06 · CVE-2022-23548
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 2.8.14 on the stable branch
Discourse versions prior to 2.9.0.beta16 on the beta and tests-passed branches
Description
The issue affects the parsing of posts in Discourse, making it susceptible to regular expression denial of service (ReDoS) attacks. This allows for potential disruption of service. There are no known workarounds for this issue.
Recommendations
For Discourse versions prior to 2.8.14 on the stable branch, update to version 2.8.14 to resolve the issue.
For Discourse versions prior to 2.9.0.beta16 on the beta and tests-passed branches, update to version 2.9.0.beta16 to resolve the issue.
Exploit
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Discourse