CVE-2023-32301

Published: Jun 13, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled.

Affected (5)

Products: Discourse: Discourse

Discourse

1 product

Discourse

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Before 3.0.4
Discourse Discourse	Version 3.1.0 beta1
Discourse Discourse	Version 3.1.0 beta2
Discourse Discourse	Version 3.1.0 beta3
Discourse Discourse	Version 3.1.0 beta4

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (2)

https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4

Source: security-advisories@github.com

Vendor Advisory

https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.