Vulnerability Description
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icon sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | < 3.1.1 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx (Third Party Advisory)
FAQ
What is CVE-2023-41043?
CVE-2023-41043 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extreme...
How severe is CVE-2023-41043?
CVE-2023-41043 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-41043?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse (vendor: Discourse).