CVE-2022-23548

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*

History

21 Nov 2024, 06:48

Type Values Removed Values Added
References () https://github.com/discourse/discourse/pull/19737 - Patch, Third Party Advisory () https://github.com/discourse/discourse/pull/19737 - Patch, Third Party Advisory
References () https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf - Third Party Advisory () https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf - Third Party Advisory
Summary
  • (es) Discourse es una plataforma de discusión de fuentes de opciones. Antes de la versión 2.8.14 en la rama `stable` y la versión 2.9.0.beta16 en las ramas `beta` y `tests-passed`, el análisis de publicaciones puede ser susceptible a ataques de denegación de servicio (ReDoS) de expresión regular. Este problema se solucionó en las versiones 2.8.14 y 2.9.0.beta16. No se conocen workarounds.

Information

Published : 2023-01-05 19:15

Updated : 2024-11-21 06:48


NVD link : CVE-2022-23548

Mitre link : CVE-2022-23548

CVE.ORG link : CVE-2022-23548


JSON object : View

Products Affected

discourse

  • discourse
CWE
CWE-1333

Inefficient Regular Expression Complexity