CVE-2023-38706

MEDIUM6.5EPSS 0.29%

Discourse vulnerable to DoS via drafts

發布日:2024/3/6修改日:2026/3/25

也稱為:GHSA-7wpp-4pqg-gvp8BIT-discourse-2023-38706

描述

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch. There are no known workarounds.

受影響套件(1)

Bitnami/discoursefrom 0, < 3.1.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

參考連結(2)

WEBhttps://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-38706