Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable
branch and version 2.9.0.beta16 on the beta
and tests-passed
branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
{ "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:*:*:*:*" ], "severity": "Medium" }