PT-2022-20594 · Discourse · Discourse
Jomaxro · Published 2022-08-01 · Updated 2024-03-06
CVE-2022-31184
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Discourse (affected versions not specified)
Description
Discourse is an open source discussion platform. In affected versions, an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta, and tests-passed versions of Discourse, which rate limits emails.
Recommendations
For all affected versions, users are advised to upgrade to the latest stable, beta, or tests-passed version.
Users unable to upgrade should manually rate limit email.
Weakness Enumeration
Allocation of Resources Without Limits
Affected Products
Discourse