Unrated severityNVD Advisory· Published Jan 5, 2023· Updated Mar 10, 2025

CVE-2022-23548

Description

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.

Affected products

Discourse (software)/Discoursev5
Range: < 2.8.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/pull/19737mitre
github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxfmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000