PT-2023-29863 · Discourse · Discourse

0-0Eth0

Publicado

2023-11-10

Atualizado

2024-03-06

CVE-2023-46130

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.1.3 Discourse versions prior to 3.2.0.beta3

Description Discourse is an open source platform for community discussion. The issue affects the availability of subsequent replies in a topic when users can add svgs with unlimited height attributes. This is possible in some theme components, specifically the svgbob or the mermaid theme component. Most Discourse instances are unaffected.

Recommendations For versions prior to 3.1.3, update to version 3.1.3 or later. For versions prior to 3.2.0.beta3, update to version 3.2.0.beta3 or later. As a temporary workaround, consider disabling or removing the relevant theme components, specifically the svgbob or the mermaid theme component.

Exploit

Correção

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

BIT-DISCOURSE-2023-46130

CVE-2023-46130

GHSA-C876-638R-VFCG

Produtos afetados

Discourse

PT-2023-29863 · Discourse · Discourse

CVE-2023-46130

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9