CVE-2022-23548
on github
Published
Severity
CVSS v3:
6.5 MEDIUM
CVSS v2:
N/A
Description
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:* | n/a | n/a | 3.0.0 |
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:* | n/a | 2.8.14 | * |