BIT-discourse-2023-32301

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2023-32301.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-discourse-2023-32301

Aliases

CVE-2023-32301
GHSA-p2jx-m2j5-hqh4

Published

2024-03-06T10:57:01.167Z

Modified

2025-10-08T14:42:02.278020Z

Summary

Discourse's canonical url not being used for topic embeddings

Details

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches. As a workaround, disable topic embedding if it has been enabled.

Database specific

{
    "cpes": [
        "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*",
        "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*",
        "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*",
        "cpe:2.3:a:discourse:discourse:3.1.0:beta4:*:*:beta:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / discourse

Package

Name: discourse
Purl: pkg:bitnami/discourse

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.4