Discourse is an open source discussion platform. In versions before 2.8.9 on the `stable` branch and before 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
discourse discourse 2.9.0 |
||
discourse discourse |