Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-47120

Published: 10/11/2023 Updated: 17/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Discourse

Vulnerability Summary

Discourse is an open source platform for community discussion. In versions 3.1.0 up to and including 3.1.2 of the `stable` branch and versions 3.1.0,beta6 up to and including 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.

Vulnerable Product Search on Vulmon Subscribe to Product

discourse discourse 3.1.0

discourse discourse 3.2.0

discourse discourse

References

CWE-770https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0cehttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook