CVE-2023-37906: DoS via post edit reason

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches. There are no known workarounds for this vulnerability.

Moderate

jomaxro published GHSA-pjv6-47x6-mx7c

Jul 28, 2023

Affected versions

stable <= 3.0.5; beta <= 3.1.0.beta6; tests-passed <= 3.1.0.beta6

Patched versions

stable > 3.0.5; beta > 3.1.0.beta6; tests-passed > 3.1.0.beta6

Description

Impact

A malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason.

Patches

The issue is patched in the latest stable, beta and tests-passed versions of Discourse.

Workarounds

There are no workarounds for this vulnerability. Please upgrade as soon as possible.

Severity

CVSS base metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
