Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458 | Patch |
https://github.com/discourse/discourse/pull/20002 | Issue Tracking Patch |
https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv | Third Party Advisory |
https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458 | Patch |
https://github.com/discourse/discourse/pull/20002 | Issue Tracking Patch |
https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 07:46
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
References | () https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458 - Patch | |
References | () https://github.com/discourse/discourse/pull/20002 - Issue Tracking, Patch | |
References | () https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv - Third Party Advisory |
Information
Published : 2023-01-28 00:15
Updated : 2024-11-21 07:46
NVD link : CVE-2023-23621
Mitre link : CVE-2023-23621
CVE.ORG link : CVE-2023-23621
JSON object : View
Products Affected
discourse
- discourse
CWE
CWE-1333
Inefficient Regular Expression Complexity