Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse 3.1.0 vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2023-28112
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable malicious users to trigger outbound netwo...
Discourse Discourse 3.1.0
Discourse Discourse
7.5
CVSSv3
CVE-2023-47120
Discourse is an open source platform for community discussion. In versions 3.1.0 up to and including 3.1.2 of the `stable` branch and versions 3.1.0,beta6 up to and including 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site wi...
Discourse Discourse 3.1.0
Discourse Discourse 3.2.0
Discourse Discourse
7.5
CVSSv3
CVE-2023-38684
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
Discourse Discourse
7.5
CVSSv3
CVE-2023-36818
Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vuln...
Discourse Discourse 3.1.0
7.5
CVSSv3
CVE-2023-28111
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The...
Discourse Discourse 3.1.0
Discourse Discourse
7.5
CVSSv3
CVE-2023-23621
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is ...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
6.5
CVSSv3
CVE-2023-40588
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of ...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
6.5
CVSSv3
CVE-2023-41042
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
6.5
CVSSv3
CVE-2023-38706
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the re...
Discourse Discourse 3.1.0
Discourse Discourse
6.5
CVSSv3
CVE-2023-41043
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This ...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »