Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
discourse discourse 2.9.0 |
||
discourse discourse 3.0.0 |
||
discourse discourse |