← Back

CVE-2022-31184

nvd nist
Published: Aug 1, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email.

Affected (8)

Products: Discourse: Discourse
Discourse
1 product
Discourse
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Discourse
Up to 2.8.6
Discourse
Version 2.9.0 beta1
Discourse
Version 2.9.0 beta2
Discourse
Version 2.9.0 beta3
Discourse
Version 2.9.0 beta4
Discourse
Version 2.9.0 beta5
Discourse
Version 2.9.0 beta6
Discourse
Version 2.9.0 beta7

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.