Unrated severityNVD Advisory· Published Jul 15, 2024· Updated Aug 2, 2024

Denial of service via Watched Words in Discourse

CVE-2024-38360

Description

Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed in stable version 3.2.3 and in current betas. Users are advised to upgrade. Users unable to upgrade may manually remove the long watched words either via SQL or Rails console.

Affected products

Discourse (software)/Discoursev5
Range: stable <= 3.2.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/commit/7b53e610c17e38be982dffefa4e5b5a709a3b990mitrex_refsource_MISC
github.com/discourse/discourse/security/advisories/GHSA-68pm-hm8x-pq2pmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000