PT-2022-23057 · Discourse · Discourse

Published: 2022-08-15 · Updated: 2022-08-17 · CVE-2022-35958

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to the latest stable, beta and tests-passed versions

Description

A malicious user can exploit the invitation system to spam arbitrary email addresses by sending them invitation emails in certain cases. The estimated number of potentially affected devices is not specified. There are no reported real-world incidents where this issue was exploited.

Recommendations

For all affected versions, update to the latest stable, beta, or tests-passed version to resolve the issue. As a temporary workaround, consider restricting the use of the invitation system until a patch is applied. Avoid using the invitation system for external email addresses until the issue is resolved.

Related Identifiers

CVE-2022-35958

Affected Products

Discourse