Unrated severityNVD Advisory· Published Jan 27, 2023· Updated Mar 10, 2025
Discourse vulnerable to ReDoS in user agent parsing
CVE-2023-23621
Description
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches. There are no known workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<3.0.1 (stable) / <3.1.0.beta2 (beta)+ 1 more
- (no CPE)range: <3.0.1 (stable) / <3.1.0.beta2 (beta)
- (no CPE)range: < 3.0.1
Patches
Vulnerability mechanics
References
3- github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458mitrex_refsource_MISC
- github.com/discourse/discourse/pull/20002mitrex_refsource_MISC
- github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcvmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.