CVE-2022-23548

discourse/discourse
on github

Published

Severity

CVSS v3:
6.5 MEDIUM
CVSS v2:
N/A

Description

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.

References

Configurations

CPE23Version StartVersion EndExact Version
cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*n/an/a2.9.0
cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*n/an/a3.0.0
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*n/a2.8.14*

External Links