CVE-2023-45806

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier in the beta and tests-passed branches

Description Discourse is an open source platform for community discussion. If a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they've been quoted by updating their full name again. No known workaround exists, although one can stop the "bleeding" by ensuring users only use alphanumeric characters in their full name field.

Recommendations For versions prior to 3.1.3, update to version 3.1.3 or later. For version 3.2.0.beta3 and earlier in the beta and tests-passed branches, update to version 3.2.0.beta3 or later. As a temporary workaround, consider ensuring users only use alphanumeric characters in their full name field until a patch is applied.