Vulnerability Description
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | < 2.8.14 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/pull/19737PatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxfThird Party Advisory
- https://github.com/discourse/discourse/pull/19737PatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxfThird Party Advisory
FAQ
What is CVE-2022-23548?
CVE-2022-23548 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible t...
How severe is CVE-2022-23548?
CVE-2022-23548 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23548?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.