Описание
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.4 (исключая)
Одно из
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*
EPSS
Процентиль: 39%
0.00175
Низкий
8.6 High
CVSS3
7.5 High
CVSS3
Дефекты
CWE-400
NVD-CWE-Other
EPSS
Процентиль: 39%
0.00175
Низкий
8.6 High
CVSS3
7.5 High
CVSS3
Дефекты
CWE-400
NVD-CWE-Other