CVE-2023-22740 – Discourse is an open source platform for community discussion. Versions prior to 3.1.0.bet …

27 January 2023

Vuln ID: CVE-2023-22740

Published: 2023-01-27 01:15:08Z

Description: Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available.

Source: NVD.NIST.GOV

Date:

27 January 2023

Categorie(s):

NVD

Tag(s):

NVD

Secureworks enables users to view known vulnerabilities in the context of threat data24 April 2024
New Relic AI monitoring helps enterprises use AI with confidence24 April 2024
A crafty new Android notification power-up24 April 2024
French security startup BforeAI raises $15M for US expansion and service enhancement24 April 2024
Microsoft uses its genAI leverage against China — prelude to a tech Cold War?24 April 2024