PT-2023-21723 · Discourse · Discourse
0Xmokusou
·
Publicado
2023-04-18
·
Atualizado
2024-03-06
·
CVE-2023-28440
CVSS v3.1
2.7
Baixa
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 3.0.3
Discourse versions prior to 3.1.0.beta4
Description
Discourse is an open source platform for community discussion. A maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted.
Recommendations
For versions prior to 3.0.3, upgrade to version 3.0.3 or later.
For versions prior to 3.1.0.beta4, upgrade to version 3.1.0.beta4 or later.
Exploit
Correção
Resource Exhaustion
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Discourse