Unrated severityNVD Advisory· Published Jun 13, 2023· Updated Jan 2, 2025

Discourse's canonical url not being used for topic embeddings

CVE-2023-32301

Description

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches. As a workaround, disable topic embedding if it has been enabled.

Affected products

Discourse (software)/Discoursev5
Range: < 3.0.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000