Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse/pull/19737 | Patch Third Party Advisory |
https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf | Third Party Advisory |
https://github.com/discourse/discourse/pull/19737 | Patch Third Party Advisory |
https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/discourse/discourse/pull/19737 - Patch, Third Party Advisory | |
References | () https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf - Third Party Advisory | |
Summary |
|
Information
Published : 2023-01-05 19:15
Updated : 2024-11-21 06:48
NVD link : CVE-2022-23548
Mitre link : CVE-2022-23548
CVE.ORG link : CVE-2022-23548
JSON object : View
Products Affected
discourse
- discourse
CWE
CWE-1333
Inefficient Regular Expression Complexity