Home

Description

Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse.

PUBLISHED Reserved 2023-06-21 | Published 2023-07-14 | Updated 2024-10-22 | Assigner GitHub_M




LOW: 3.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Problem types

CWE-20: Improper Input Validation

Product status

stable < 3.0.5
affected

beta < 3.1.0.beta6
affected

tests-passed < 3.1.0.beta6
affected

References

github.com/...course/security/advisories/GHSA-4hjh-wg43-p932

cve.org (CVE-2023-36466)

nvd.nist.gov (CVE-2023-36466)

Download JSON