PT-2023-30324 · Discourse+1 · Discourse+1

Highjomaxro

Publicado

2023-11-10

Atualizado

2024-03-06

CVE-2023-47120

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Discourse versions 3.1.0 through 3.1.2 Discourse versions 3.1.0,beta6 through 3.2.0.beta2

Description Discourse is an open source platform for community discussion. In the affected versions, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it.

Recommendations For Discourse versions 3.1.0 through 3.1.2, update to version 3.1.3 or later. For Discourse versions 3.1.0,beta6 through 3.2.0.beta2, update to version 3.2.0.beta3 or later.

Exploit

Correção

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

BIT-DISCOURSE-2023-47120

CVE-2023-47120

GHSA-77CW-XHJ8-HFP3

Produtos afetados

Discourse

Redis

PT-2023-30324 · Discourse+1 · Discourse+1

CVE-2023-47120

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11