CVE-2023-38498

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-38498

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38498.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-38498

Aliases

BIT-discourse-2023-38498
GHSA-wv29-rm3f-4g2j

Published

2023-07-28T15:18:18.903Z

Modified

2026-04-19T03:47:05.870738Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Discourse vulnerable to DoS via defer queue

Details

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38498.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-400",
        "CWE-770"
    ]
}

References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type: GIT
Repo: https://github.com/discourse/discourse
Events: Introduced

17daf077e2f11def391859f83d294bb71760b1cf

Fixed

c35038b00ba7c6d6534a538ea211b84d54fa0656

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38498.json"