PT-2023-18681 · Discourse · Discourse

Pmusaraj

Publicado

2023-01-27

Atualizado

2024-03-06

CVE-2023-22740

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.1.0.beta1

Description Discourse is an open source platform for community discussion. The issue concerns the allocation of resources without limits, allowing users to create chat drafts of an unlimited length. This can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user.

Recommendations For versions prior to 3.1.0.beta1, upgrade to the latest version where a limit has been introduced to prevent the allocation of resources without limits. At the moment, there is no information about other workarounds for this issue.

Exploit

Correção

DoS

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

BIT-DISCOURSE-2023-22740

CVE-2023-22740

GHSA-PWJ4-RF62-P224

Produtos afetados

Discourse

PT-2023-18681 · Discourse · Discourse

CVE-2023-22740

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8