CVE-2023-32301

Опубликовано: 13 июн. 2023

Источник: nvd

CVSS3: 3.1

CVSS3: 5.3

EPSS Низкий

Описание

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches. As a workaround, disable topic embedding if it has been enabled.

Ссылки

https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4
Vendor Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*

Версия до 3.0.4 (исключая)

cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*

cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*

cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*

cpe:2.3:a:discourse:discourse:3.1.0:beta4:*:*:beta:*:*:*

EPSS

Процентиль: 42%

0.002

Низкий

3.1 Low

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-116

EPSS

Процентиль: 42%

0.002

Низкий

3.1 Low

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-116