PT-2023-27756 · Discourse · Discourse

Jomaxro · Published 2023-09-15 · Updated 2024-03-06 · CVE-2023-41043

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 3.1.1 of the stable branch; Discourse versions prior to 3.2.0.beta1 of the beta and tests-passed branches.

Description
A malicious admin could create extremely large icon sprites, which would then be cached in each server process, potentially causing server processes to be killed and leading to downtime. This issue is a concern for multisite installations, but no action is required when admins are trusted.

Recommendations
For versions prior to 3.1.1 of the stable branch, update to version 3.1.1 or later. For versions prior to 3.2.0.beta1 of the beta and tests-passed branches, update to version 3.2.0.beta1 or later. As a temporary workaround, consider restricting the ability of admins to create large icon sprites until a patch is applied.

Weakness Enumeration

Allocation of Resources Without Limits

Related identifiers

BIT-DISCOURSE-2023-41043
CVE-2023-41043
GHSA-28HH-H5XW-XGVX

Affected products

Discourse