Vulnerability Description
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | < 3.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3Patch
- https://github.com/discourse/discourse/pull/20002Issue TrackingPatch
- https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcvThird Party Advisory
- https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3Patch
- https://github.com/discourse/discourse/pull/20002Issue TrackingPatch
- https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcvThird Party Advisory
FAQ
What is CVE-2023-23621?
CVE-2023-23621 is a vulnerability with a CVSS score of 8.6 (HIGH). Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular e...
How severe is CVE-2023-23621?
CVE-2023-23621 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23621?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.