CVE-2023-48297

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.1.4 Discourse version beta 3.2.0.beta5 and earlier

Description Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here), which can lead to a very long array of users.

Recommendations For versions prior to 3.1.4, update to version 3.1.4 or later. For version beta 3.2.0.beta5 and earlier, update to a version later than beta 3.2.0.beta5. As a temporary workaround, consider restricting the use of expanded chat mentions (@all and @here) until a patch is available.