CVE-2023-38706

MEDIUM6.5EPSS 0.29%

Discourse vulnerable to DoS via drafts

Published: 3/6/2024Modified: 3/25/2026

Description

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch. There are no known workarounds.

Affected packages (1)

Bitnami/discoursefrom 0, < 3.1.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (2)

WEBhttps://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-38706