Theteatoast

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.4.4 Discourse version 3.5.0.beta5 and earlier of the `beta` branch Discourse version 3.5.0.beta6-dev and earlier of the `tests-passed` branch **Description** Discourse is an open-source discussion platform. Sending a malicious URL in a private message to a bot user can cause reduced availability of a Discourse instance. **Recommendations** For versions prior to 3.4.4, update to version 3.4.4 or later of the `stable` branch. For version 3.5.0.beta5 and earlier of the `beta` branch, update to version 3.5.0.beta5 or later. For version 3.5.0.beta6-dev and earlier of the `tests-passed` branch, update to version 3.5.0.beta6-dev or later. As a temporary workaround, consider restricting the ability to send private messages to bot users until the issue is resolved.