Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41921

Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available.

Published

2022-11-28T15:15:10.543

Last Modified

2024-11-21T07:24:04.397

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	discourse	discourse	< 2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes

References

https://github.com/discourse/discourse/commit/3de765c89524a526ce611e11468d758a471a933f Patch, Third Party Advisory ([email protected])
https://github.com/discourse/discourse/security/advisories/GHSA-mfh7-6cv6-qccc Third Party Advisory ([email protected])
https://github.com/discourse/discourse/commit/3de765c89524a526ce611e11468d758a471a933f Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/discourse/discourse/security/advisories/GHSA-mfh7-6cv6-qccc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)