PT-2023-12730 · Discourse · Discourse
Imlonghao +1 · Published 2023-01-05 · Updated 2024-03-06 · CVE-2022-23548
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 2.8.14 on the stable branch
Discourse versions prior to 2.9.0.beta16 on the beta and tests-passed branches
Description
Post parsing in Discourse is susceptible to regular expression denial of service (ReDoS) attacks, which can disrupt service. There are no known workarounds for this issue.
Recommendations
For Discourse versions prior to 2.8.14 on the stable branch, update to version 2.8.14 to resolve the issue.
For Discourse versions prior to 2.9.0.beta16 on the beta and tests-passed branches, update to version 2.9.0.beta16 to resolve the issue.
Exploit
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Discourse