Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-09-15T19:22:08.194Z
Updated: 2024-08-02T17:46:56.646Z
Reserved: 2023-07-24T16:19:28.366Z
Link: CVE-2023-38706
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-15T20:15:09.217
Modified: 2023-09-20T19:59:40.533
Link: CVE-2023-38706
Redhat
No data.