CVE-2023-46130

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.1.3 Discourse versions prior to 3.2.0.beta3

Description Discourse is an open source platform for community discussion. The issue affects the availability of subsequent replies in a topic when users can add svgs with unlimited height attributes. This is possible in some theme components, specifically the svgbob or the mermaid theme component. Most Discourse instances are unaffected.

Recommendations For versions prior to 3.1.3, update to version 3.1.3 or later. For versions prior to 3.2.0.beta3, update to version 3.2.0.beta3 or later. As a temporary workaround, consider disabling or removing the relevant theme components, specifically the svgbob or the mermaid theme component.

Exploit

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BIT-DISCOURSE-2023-46130

CVE-2023-46130

GHSA-C876-638R-VFCG

Affected Products

Discourse

CVE-2023-46130

Weakness Enumeration

Related Identifiers

Affected Products

References · 9