CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available.

Low

jomaxro published GHSA-mfh7-6cv6-qccc

Nov 28, 2022

**Package**

Discourse (Discourse)

**Affected versions**

beta <= 2.9.0.beta12; tests-passed <= 2.9.0.beta12

**Patched versions**

beta >= 2.9.0.beta13; tests-passed >= 2.9.0.beta13

**Description**

**Impact**

Users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text.

**Patches**

Users should upgrade to the latest version where a limit has been introduced.

**Workarounds**

No workarounds available.

**Severity**

**CVSS base metrics**

User interaction

Required

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

**Weaknesses**

Headline

CVE-2022-41921: Chat messages should have a maximum character limit

CVE: Latest News