PT-2022-24824 · Discourse · Discourse

Jomaxro · Published 2022-09-29 · Updated 2024-03-06 · CVE-2022-39226

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 2.8.9
Discourse versions prior to 2.9.0.beta10

Description

A malicious actor can add large payloads of text into the Location and Website fields of a user profile, causing issues for other users when loading that profile.

Recommendations

For versions prior to 2.8.9, update to version 2.8.9 or later on the stable branch. For versions prior to 2.9.0.beta10, update to version 2.9.0.beta10 or later on the beta and tests-passed branches.

Allocation of Resources Without Limits

RCE

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2022-39226
CVE-2022-39226
GHSA-JW3Q-XG5G-QJRW

Affected Products

Discourse