Unrated severityNVD Advisory· Published Feb 8, 2023· Updated Mar 10, 2025

Regular expression denial of service via installing themes via git in discourse

CVE-2023-25167

Description

Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.

Affected products

Discourse (software)/Discoursev5
Range: < 3.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cdmitrex_refsource_MISC
github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35wmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000