Unrated severityNVD Advisory· Published Jul 28, 2023· Updated Oct 10, 2024

Discourse vulnerable to DoS via defer queue

CVE-2023-38498

Description

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.

Affected products

Discourse (software)/Discoursev5
Range: >= 3.1.0.beta1, < 3.1.0.beta7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182mitrex_refsource_MISC
github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2jmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000