PT-2023-29222 · Discourse+1

High · jomaxro · published

Published: 2023-10-16 · Updated: 2024-03-06 · CVE-2023-44388

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 stable and 3.2.0.beta2
Description: Discourse is an open source platform for community discussion. A malicious request can cause production log files to fill up quickly, causing the server to run out of disk space. As a temporary workaround, reduce the client_max_body_size nginx directive, which limits the size of uploads that can be sent directly to the server.
Recommendations: For versions prior to 3.1.1 stable, update to version 3.1.1 stable or later. For versions prior to 3.2.0.beta2, update to version 3.2.0.beta2 or later. As a temporary workaround, consider reducing the client_max_body_size nginx directive to limit the size of uploads that can be sent directly to the server.

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2023-44388
CVE-2023-44388
GHSA-89H3-G746-XMWQ

Affected Products

Discourse
Nginx