← Back

CVE-2023-41043

nvd nist
Published: Sep 15, 2023Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted.

Affected (214)

Products: Discourse: Discourse
Discourse
1 product
Discourse
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Before 3.1.1
Configuration B
213 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Discourse
Version 1.1.0 beta1
Discourse
Version 1.1.0 beta2
Discourse
Version 1.1.0 beta3
Discourse
Version 1.1.0 beta4
Discourse
Version 1.1.0 beta5
Discourse
Version 1.1.0 beta6
Discourse
Version 1.1.0 beta6b
Discourse
Version 1.1.0 beta7
Discourse
Version 1.1.0 beta8
Discourse
Version 1.2.0 beta1
Discourse
Version 1.2.0 beta2
Discourse
Version 1.2.0 beta3
Discourse
Version 1.2.0 beta4
Discourse
Version 1.2.0 beta5
Discourse
Version 1.2.0 beta6
Discourse
Version 1.2.0 beta7
Discourse
Version 1.2.0 beta8
Discourse
Version 1.2.0 beta9
Discourse
Version 1.3.0 beta10
Discourse
Version 1.3.0 beta11
Discourse
Version 1.3.0 beta1
Discourse
Version 1.3.0 beta2
Discourse
Version 1.3.0 beta3
Discourse
Version 1.3.0 beta4
Discourse
Version 1.3.0 beta5
Discourse
Version 1.3.0 beta6
Discourse
Version 1.3.0 beta7
Discourse
Version 1.3.0 beta8
Discourse
Version 1.3.0 beta9
Discourse
Version 1.4.0 beta10
Discourse
Version 1.4.0 beta11
Discourse
Version 1.4.0 beta12
Discourse
Version 1.4.0 beta1
Discourse
Version 1.4.0 beta2
Discourse
Version 1.4.0 beta3
Discourse
Version 1.4.0 beta4
Discourse
Version 1.4.0 beta5
Discourse
Version 1.4.0 beta6
Discourse
Version 1.4.0 beta7
Discourse
Version 1.4.0 beta8
Discourse
Version 1.4.0 beta9
Discourse
Version 1.5.0 beta10
Discourse
Version 1.5.0 beta11
Discourse
Version 1.5.0 beta12
Discourse
Version 1.5.0 beta13
Discourse
Version 1.5.0 beta13b
Discourse
Version 1.5.0 beta14
Discourse
Version 1.5.0 beta1
Discourse
Version 1.5.0 beta2
Discourse
Version 1.5.0 beta3
Discourse
Version 1.5.0 beta4
Discourse
Version 1.5.0 beta5
Discourse
Version 1.5.0 beta6
Discourse
Version 1.5.0 beta7
Discourse
Version 1.5.0 beta8
Discourse
Version 1.5.0 beta9
Discourse
Version 1.6.0 beta10
Discourse
Version 1.6.0 beta11
Discourse
Version 1.6.0 beta12
Discourse
Version 1.6.0 beta1
Discourse
Version 1.6.0 beta2
Discourse
Version 1.6.0 beta3
Discourse
Version 1.6.0 beta4
Discourse
Version 1.6.0 beta5
Discourse
Version 1.6.0 beta6
Discourse
Version 1.6.0 beta7
Discourse
Version 1.6.0 beta8
Discourse
Version 1.6.0 beta9
Discourse
Version 1.7.0 beta10
Discourse
Version 1.7.0 beta11
Discourse
Version 1.7.0 beta1
Discourse
Version 1.7.0 beta2
Discourse
Version 1.7.0 beta3
Discourse
Version 1.7.0 beta4
Discourse
Version 1.7.0 beta5
Discourse
Version 1.7.0 beta6
Discourse
Version 1.7.0 beta7
Discourse
Version 1.7.0 beta8
Discourse
Version 1.7.0 beta9
Discourse
Version 1.8.0 beta10
Discourse
Version 1.8.0 beta11
Discourse
Version 1.8.0 beta12
Discourse
Version 1.8.0 beta13
Discourse
Version 1.8.0 beta1
Discourse
Version 1.8.0 beta2
Discourse
Version 1.8.0 beta3
Discourse
Version 1.8.0 beta4
Discourse
Version 1.8.0 beta5
Discourse
Version 1.8.0 beta6
Discourse
Version 1.8.0 beta7
Discourse
Version 1.8.0 beta8
Discourse
Version 1.8.0 beta9
Discourse
Version 1.9.0 beta10
Discourse
Version 1.9.0 beta11
Discourse
Version 1.9.0 beta12
Discourse
Version 1.9.0 beta13
Discourse
Version 1.9.0 beta14
Discourse
Version 1.9.0 beta15
Discourse
Version 1.9.0 beta16
Discourse
Version 1.9.0 beta17
Discourse
Version 1.9.0 beta1
Discourse
Version 1.9.0 beta2
Discourse
Version 1.9.0 beta3
Discourse
Version 1.9.0 beta4
Discourse
Version 1.9.0 beta5
Discourse
Version 1.9.0 beta6
Discourse
Version 1.9.0 beta7
Discourse
Version 1.9.0 beta8
Discourse
Version 1.9.0 beta9
Discourse
Version 2.0.0 beta10
Discourse
Version 2.0.0 beta1
Discourse
Version 2.0.0 beta2
Discourse
Version 2.0.0 beta3
Discourse
Version 2.0.0 beta4
Discourse
Version 2.0.0 beta5
Discourse
Version 2.0.0 beta6
Discourse
Version 2.0.0 beta7
Discourse
Version 2.0.0 beta8
Discourse
Version 2.0.0 beta9
Discourse
Version 2.1.0 beta1
Discourse
Version 2.1.0 beta2
Discourse
Version 2.1.0 beta3
Discourse
Version 2.1.0 beta4
Discourse
Version 2.1.0 beta5
Discourse
Version 2.1.0 beta6
Discourse
Version 2.2.0 beta10
Discourse
Version 2.2.0 beta1
Discourse
Version 2.2.0 beta2
Discourse
Version 2.2.0 beta3
Discourse
Version 2.2.0 beta4
Discourse
Version 2.2.0 beta5
Discourse
Version 2.2.0 beta6
Discourse
Version 2.2.0 beta7
Discourse
Version 2.2.0 beta8
Discourse
Version 2.2.0 beta9
Discourse
Version 2.3.0 beta10
Discourse
Version 2.3.0 beta11
Discourse
Version 2.3.0 beta1
Discourse
Version 2.3.0 beta2
Discourse
Version 2.3.0 beta3
Discourse
Version 2.3.0 beta4
Discourse
Version 2.3.0 beta5
Discourse
Version 2.3.0 beta6
Discourse
Version 2.3.0 beta7
Discourse
Version 2.3.0 beta8
Discourse
Version 2.3.0 beta9
Discourse
Version 2.4.0 beta10
Discourse
Version 2.4.0 beta11
Discourse
Version 2.4.0 beta1
Discourse
Version 2.4.0 beta2
Discourse
Version 2.4.0 beta3
Discourse
Version 2.4.0 beta4
Discourse
Version 2.4.0 beta5
Discourse
Version 2.4.0 beta6
Discourse
Version 2.4.0 beta7
Discourse
Version 2.4.0 beta8
Discourse
Version 2.4.0 beta9
Discourse
Version 2.5.0 beta1
Discourse
Version 2.5.0 beta2
Discourse
Version 2.5.0 beta3
Discourse
Version 2.5.0 beta4
Discourse
Version 2.5.0 beta5
Discourse
Version 2.5.0 beta6
Discourse
Version 2.5.0 beta7
Discourse
Version 2.6.0 beta1
Discourse
Version 2.6.0 beta2
Discourse
Version 2.6.0 beta3
Discourse
Version 2.6.0 beta4
Discourse
Version 2.6.0 beta5
Discourse
Version 2.6.0 beta6
Discourse
Version 2.7.0 beta1
Discourse
Version 2.7.0 beta2
Discourse
Version 2.7.0 beta3
Discourse
Version 2.7.0 beta4
Discourse
Version 2.7.0 beta5
Discourse
Version 2.7.0 beta6
Discourse
Version 2.7.0 beta7
Discourse
Version 2.7.0 beta8
Discourse
Version 2.7.0 beta9
Discourse
Version 2.8.0 beta10
Discourse
Version 2.8.0 beta11
Discourse
Version 2.8.0 beta1
Discourse
Version 2.8.0 beta2
Discourse
Version 2.8.0 beta3
Discourse
Version 2.8.0 beta4
Discourse
Version 2.8.0 beta5
Discourse
Version 2.8.0 beta6
Discourse
Version 2.8.0 beta7
Discourse
Version 2.8.0 beta8
Discourse
Version 2.8.0 beta9
Discourse
Version 2.9.0 beta10
Discourse
Version 2.9.0 beta11
Discourse
Version 2.9.0 beta12
Discourse
Version 2.9.0 beta13
Discourse
Version 2.9.0 beta14
Discourse
Version 2.9.0 beta1
Discourse
Version 2.9.0 beta2
Discourse
Version 2.9.0 beta3
Discourse
Version 2.9.0 beta4
Discourse
Version 2.9.0 beta5
Discourse
Version 2.9.0 beta6
Discourse
Version 2.9.0 beta7
Discourse
Version 2.9.0 beta8
Discourse
Version 2.9.0 beta9
Discourse
Version 3.0.0 beta15
Discourse
Version 3.0.0 beta16
Discourse
Version 3.1.0 beta1
Discourse
Version 3.1.0 beta2
Discourse
Version 3.1.0 beta3
Discourse
Version 3.1.0 beta5
Discourse
Version 3.1.0 beta6
Discourse
Version 3.1.0 beta7
Discourse
Version 3.1.0 beta8

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

Source: security-advisories@github.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.