Описание
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
Ссылки
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.5 (исключая)
Одно из
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta3:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta4:*:*:beta:*:*:*
EPSS
Процентиль: 69%
0.00612
Низкий
4.9 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-400
CWE-400
EPSS
Процентиль: 69%
0.00612
Низкий
4.9 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-400
CWE-400