CVE-2024-43789

Published: Oct 7, 2024Modified: Sep 25, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (2)

Products: Discourse: Discourse

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Up to 3.4.0
Discourse Discourse	Before 3.3.1

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (1)

https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq

Source: security-advisories@github.com

Third Party Advisory

Timeline

No history available yet.