Unrated severityNVD Advisory· Published Jul 14, 2023· Updated Oct 22, 2024

Topic Title Validation Skipped When Changing Category in Discourse

CVE-2023-36466

Description

Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse.

Affected products

Discourse (software)/Discoursev5
Range: stable < 3.0.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/security/advisories/GHSA-4hjh-wg43-p932mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000