Описание
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch. No known workarounds are available.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.4.4 (исключая)Версия до 3.5.0 (исключая)
Одно из
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:*
EPSS
Процентиль: 28%
0.00099
Низкий
7.5 High
CVSS3
Дефекты
CWE-400
EPSS
Процентиль: 28%
0.00099
Низкий
7.5 High
CVSS3
Дефекты
CWE-400