 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2023-22740 |
| Description: | Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.149211 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-22740 https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576 https://github.com/discourse/discourse/commit/5eaf0802398ff06604f03b27a28dd274f2ffa576 https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224 https://github.com/discourse/discourse/security/advisories/GHSA-pwj4-rf62-p224 |