Page 7 of 147 results (0.002 seconds)

CVSS: 8.6 • EPSS: 0% • CPEs: 4 • EXPL: 0

Discourse is a platform for community discussion. The message serializer uses the full list of users expanded from the chat mentions @all and @here, which can lead to a very long array of users. This issue was patched in versions 3.1.4 and 3.2.0.beta5. • https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server-side request forgery (SSRF). The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature. • https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1 https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6 https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc • CWE-918: Server-Side Request Forgery (SSRF) •
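The embedding feature fetches a user-supplied URL server-side, which is where SSRF enters. The check below is an added example of what an egress guard for such a fetch looks like; it is not Discourse's own code, and the function and constant names are illustrative. It rejects non-http(s) schemes, URLs with userinfo, and any hostname that resolves (wholly or partly) to loopback, private, link-local or multicast space; the resolver is injectable so the test runs offline with constructed DNS answers.

```ruby
require "ipaddr"
require "resolv"
require "uri"

# Illustrative deny-list of address space a forum server should never fetch from.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
  ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

ALLOWED_SCHEMES = %w[http https].freeze

# True when the address falls in a blocked range or is not an IP at all.
def blocked_ip?(ip_string)
  ip = IPAddr.new(ip_string)
  # ::ffff:10.0.0.1 is 10.0.0.1 in disguise; compare it as IPv4.
  ip = ip.native if ip.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(ip) }
rescue IPAddr::InvalidAddressError
  true
end

# resolver: callable taking a hostname and returning an Array of IP strings.
# Defaults to real DNS; tests inject constructed answers.
def safe_embed_target?(url_string, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(url_string)
  return false unless ALLOWED_SCHEMES.include?(uri.scheme)
  return false if uri.hostname.nil? || uri.hostname.empty?
  return false unless uri.userinfo.nil? # http://trusted@internal/ confusion

  host = uri.hostname # brackets already stripped from IPv6 literals
  literal = begin
    IPAddr.new(host)
  rescue IPAddr::InvalidAddressError
    nil
  end
  addresses = literal ? [host] : Array(resolver.call(host))
  return false if addresses.empty?

  # Every answer must be public: an attacker can publish one public and one
  # private record and hope the client picks the private one.
  addresses.none? { |a| blocked_ip?(a) }
rescue URI::InvalidURIError
  false
end
```

This check still leaves a DNS rebinding window between validation and connection; the fetch must connect to the address that was validated (pinning the resolved IP) and re-run the check on every redirect rather than following redirects blindly.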

CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts that Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852 https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 1

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through Discourse's Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. • https://github.com/BaadMaro/CVE-2023-47119 https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09 https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
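A link preview is built from values the poster controls twice over: the URL itself and whatever the remote page says about itself (title, description). The pair of renderers below is an added example, not Discourse's Onebox code: the first interpolates those values straight into markup and so reproduces the injection class above; the second escapes every interpolated value and refuses non-http(s) hrefs. Function names and the `onebox` class are illustrative.

```ruby
require "cgi"
require "uri"

# Vulnerable form: attacker-controlled strings land in the HTML unescaped.
# A title of `<img src=x onerror=alert(1)>` becomes a live element.
def render_preview_unsafe(url, title)
  %(<aside class="onebox"><a href="#{url}">#{title}</a></aside>)
end

# Only http(s) may be used as an href; this blocks javascript: and data: links
# that would otherwise survive attribute escaping intact.
def safe_href(url)
  uri = URI.parse(url)
  return nil unless %w[http https].include?(uri.scheme)
  uri.to_s
rescue URI::InvalidURIError
  nil
end

# Hardened form: every value is HTML-escaped at the point of interpolation,
# so `<`, `>`, `&` and quotes are inert in both attribute and text context.
def render_preview(url, title)
  href = safe_href(url)
  return nil if href.nil?
  %(<aside class="onebox"><a href="#{CGI.escapeHTML(href)}">#{CGI.escapeHTML(title)}</a></aside>)
end
```

Escaping at output is the fix the CWE-79 tag points at; the scheme check covers the CWE-74 half, where the "downstream component" is the browser's URL handler rather than its HTML parser.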

CVSS: 5.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add SVGs with unbounded `height` attributes, which can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected; only instances with the svgbob or the mermaid theme component are in scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components. • https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb https://github.com/discourse/discourse/commit/89a2e60706ce22e4afc463d03af2f34c53291800 https://github.com/discourse/discourse/security/advisories/GHSA-c876-638r-vfcg • CWE-770: Allocation of Resources Without Limits or Throttling •
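Three of the entries on this page (the @all/@here mention expansion, the favicon URL kept in Redis, and the SVG `height` attribute) are the same defect in different places: a size chosen by the poster is passed through with no ceiling. The block below is an added example, not Discourse code, of the three ceilings a reviewer would ask for; the limits, the `BoundedCache` stand-in for Redis and the function names are illustrative.

```ruby
MAX_EXPANDED_MENTIONS = 50   # users listed for one @all/@here mention
MAX_FAVICON_URL_BYTES = 2048 # favicon URL accepted into the preview cache
MAX_SVG_HEIGHT_PX     = 600  # tallest inline svg a theme component may emit

# 1. Mention expansion: serialize a bounded sample plus a count, never the
#    full membership of a channel.
def serialize_mentions(mention, user_ids)
  sample = user_ids.first(MAX_EXPANDED_MENTIONS)
  { mention: mention, user_ids: sample, total: user_ids.size,
    truncated: sample.size < user_ids.size }
end

# 2. Cache admission: stand-in for a Redis cache with a TTL and a hard entry cap,
#    plus a size/scheme check on the favicon URL before anything is written.
class BoundedCache
  def initialize(max_entries:)
    @max_entries = max_entries
    @store = {} # insertion-ordered, so shift evicts the oldest entry
  end

  def write(key, value, ttl_seconds:)
    @store.shift if @store.size >= @max_entries && !@store.key?(key)
    @store[key] = [value, Time.now + ttl_seconds]
  end

  def read(key)
    value, expires_at = @store[key]
    return nil if value.nil? || Time.now > expires_at
    value
  end

  def size
    @store.size
  end
end

def cache_favicon(cache, page_url, favicon_url)
  return false if favicon_url.nil? || favicon_url.bytesize > MAX_FAVICON_URL_BYTES
  return false unless favicon_url.start_with?("http://", "https://")
  cache.write("favicon:#{page_url}", favicon_url, ttl_seconds: 3600)
  true
end

# 3. SVG height: clamp the attribute on every <svg> start tag. A regex is used
#    here to keep the example stdlib-only; a production sanitizer applies the
#    same rule on a parsed DOM.
def clamp_svg_height(html)
  html.gsub(/<svg\b[^>]*>/i) do |tag|
    tag.gsub(/\bheight\s*=\s*(["']?)(\d+)(?:px)?\1/i) do
      quote = Regexp.last_match(1)
      clamped = [Regexp.last_match(2).to_i, MAX_SVG_HEIGHT_PX].min
      "height=#{quote}#{clamped}#{quote}"
    end
  end
end
```

The common thread is that the limit sits where the attacker-controlled value enters the system (serializer, cache write, sanitizer), not downstream where the cost is already paid.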