PT-2023-18681 · Discourse · Discourse
Pmusaraj
·
Published
2023-01-27
·
Updated
2024-03-06
·
CVE-2023-22740
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 3.1.0.beta1
Description
Discourse is an open source platform for community discussion. The issue concerns the allocation of resources without limits, allowing users to create chat drafts of an unlimited length. This can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user.
Recommendations
For versions prior to 3.1.0.beta1, upgrade to the latest version where a limit has been introduced to prevent the allocation of resources without limits.
At the moment, there is no information about other workarounds for this issue.
Exploit
Fix
DoS
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Discourse