Vulnerability Description
Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | < 2.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/commit/3de765c89524a526ce611e11468d758a47PatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-mfh7-6cv6-qcccThird Party Advisory
- https://github.com/discourse/discourse/commit/3de765c89524a526ce611e11468d758a47PatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-mfh7-6cv6-qcccThird Party Advisory
FAQ
What is CVE-2022-41921?
CVE-2022-41921 is a vulnerability with a CVSS score of 3.5 (LOW). Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting hu...
How severe is CVE-2022-41921?
CVE-2022-41921 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-41921?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.