CVE-2023-38684

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-38684

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38684.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-38684

Aliases

BIT-discourse-2023-38684
GHSA-ff7g-xv79-hgmf

Published

2023-07-28T16:15:12Z

Modified

2024-10-12T11:03:12.679190Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type: GIT
Repo: https://github.com/discourse/discourse
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70

Affected versions

v0.*

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.2

v0.9.2.5

v0.9.2.6

v0.9.3

v0.9.3.5

v0.9.4

v0.9.5

v0.9.5.1

v0.9.5.2

v0.9.6

v0.9.6.1

v0.9.6.2

v0.9.6.3

v0.9.6.4

v0.9.7

v0.9.7.1

v0.9.7.2

v0.9.7.3

v0.9.7.4

v0.9.7.5

v0.9.7.6

v0.9.7.7

v0.9.7.8

v0.9.7.9

v0.9.8

v0.9.8.1

v0.9.8.10

v0.9.8.11

v0.9.8.2

v0.9.8.3

v0.9.8.4

v0.9.8.5

v0.9.8.6

v0.9.8.7

v0.9.8.8

v0.9.8.9

v0.9.9.1

v0.9.9.10

v0.9.9.11

v0.9.9.12

v0.9.9.13

v0.9.9.14

v0.9.9.15

v0.9.9.16

v0.9.9.17

v0.9.9.18

v0.9.9.2

v0.9.9.3

v0.9.9.4

v0.9.9.5

v0.9.9.6

v0.9.9.7

v0.9.9.8

v0.9.9.9

v1.*

v1.0.0

v1.1.0.beta2

v1.1.0.beta3

v1.1.0.beta4

v1.1.0.beta5

v1.1.0.beta6

v1.1.0.beta6b

v1.1.0.beta7

v1.1.0.beta8

v1.2.0.beta1

v1.2.0.beta2

v1.2.0.beta3

v1.2.0.beta4

v1.2.0.beta5

v1.2.0.beta6

v1.2.0.beta7

v1.2.0.beta8

v1.2.0.beta9

v1.3.0.beta1

v1.3.0.beta10

v1.3.0.beta11

v1.3.0.beta2

v1.3.0.beta3

v1.3.0.beta4

v1.3.0.beta5

v1.3.0.beta6

v1.3.0.beta7

v1.3.0.beta9

v1.4.0.beta1

v1.4.0.beta10

v1.4.0.beta11

v1.4.0.beta12

v1.4.0.beta2

v1.4.0.beta3

v1.4.0.beta4

v1.4.0.beta5

v1.4.0.beta6

v1.4.0.beta7

v1.4.0.beta8

v1.4.0.beta9

v1.5.0.beta1

v1.5.0.beta10

v1.5.0.beta11

v1.5.0.beta12

v1.5.0.beta13

v1.5.0.beta13b

v1.5.0.beta14

v1.5.0.beta2

v1.5.0.beta3

v1.5.0.beta4

v1.5.0.beta5

v1.5.0.beta6

v1.5.0.beta7

v1.5.0.beta8

v1.5.0.beta9

v1.6.0.beta1

v1.6.0.beta10

v1.6.0.beta11

v1.6.0.beta12

v1.6.0.beta2

v1.6.0.beta3

v1.6.0.beta4

v1.6.0.beta5

v1.6.0.beta6

v1.6.0.beta7

v1.6.0.beta8

v1.6.0.beta9

v1.7.0.beta1

v1.7.0.beta10

v1.7.0.beta11

v1.7.0.beta2

v1.7.0.beta3

v1.7.0.beta4

v1.7.0.beta5

v1.7.0.beta6

v1.7.0.beta7

v1.7.0.beta8

v1.7.0.beta9

v1.8.0.beta1

v1.8.0.beta10

v1.8.0.beta11

v1.8.0.beta12

v1.8.0.beta13

v1.8.0.beta2

v1.8.0.beta3

v1.8.0.beta4

v1.8.0.beta5

v1.8.0.beta6

v1.8.0.beta7

v1.8.0.beta8

v1.8.0.beta9

v1.9.0.beta1

v1.9.0.beta10

v1.9.0.beta11

v1.9.0.beta12

v1.9.0.beta13

v1.9.0.beta14

v1.9.0.beta15

v1.9.0.beta16

v1.9.0.beta17

v1.9.0.beta2

v1.9.0.beta3

v1.9.0.beta4

v1.9.0.beta5

v1.9.0.beta6

v1.9.0.beta7

v1.9.0.beta8

v1.9.0.beta9

v2.*

v2.0.0.beta1

v2.0.0.beta10

v2.0.0.beta2

v2.0.0.beta3

v2.0.0.beta4

v2.0.0.beta5

v2.0.0.beta6

v2.0.0.beta7

v2.0.0.beta8

v2.0.0.beta9

v2.1.0.beta1

v2.1.0.beta2

v2.1.0.beta3

v2.1.0.beta4

v2.1.0.beta5

v2.1.0.beta6

v2.2.0.beta1

v2.2.0.beta10

v2.2.0.beta2

v2.2.0.beta3

v2.2.0.beta4

v2.2.0.beta5

v2.2.0.beta6

v2.2.0.beta7

v2.2.0.beta8

v2.2.0.beta9

v2.3.0.beta1

v2.3.0.beta10

v2.3.0.beta11

v2.3.0.beta2

v2.3.0.beta3

v2.3.0.beta4

v2.3.0.beta5

v2.3.0.beta6

v2.3.0.beta7

v2.3.0.beta8

v2.3.0.beta9

v2.4.0.beta1

v2.4.0.beta10

v2.4.0.beta11

v2.4.0.beta2

v2.4.0.beta3

v2.4.0.beta4

v2.4.0.beta5

v2.4.0.beta6

v2.4.0.beta7

v2.4.0.beta8

v2.4.0.beta9

v2.5.0.beta1

v2.5.0.beta2

v2.5.0.beta3

v2.5.0.beta4

v2.5.0.beta5

v2.5.0.beta6

v2.5.0.beta7

v2.6.0.beta1

v2.6.0.beta2

v2.6.0.beta3

v2.6.0.beta4

v2.6.0.beta5

v2.6.0.beta6

v2.7.0.beta1

v2.7.0.beta2

v2.7.0.beta3

v2.7.0.beta4

v2.7.0.beta5

v2.7.0.beta6

v2.7.0.beta7

v2.7.0.beta8

v2.7.0.beta9

v2.8.0.beta1

v2.8.0.beta10

v2.8.0.beta11

v2.8.0.beta2

v2.8.0.beta3

v2.8.0.beta4

v2.8.0.beta5

v2.8.0.beta6

v2.8.0.beta7

v2.8.0.beta8

v2.8.0.beta9

v2.9.0.beta1

v2.9.0.beta10

v2.9.0.beta11

v2.9.0.beta12

v2.9.0.beta13

v2.9.0.beta14

v2.9.0.beta2

v2.9.0.beta3

v2.9.0.beta4

v2.9.0.beta5

v2.9.0.beta6

v2.9.0.beta7

v2.9.0.beta8

v2.9.0.beta9

v3.*

v3.0.0.beta15

v3.0.0.beta16

v3.1.0.beta1

v3.1.0.beta2

v3.1.0.beta3

v3.1.0.beta4

v3.1.0.beta5

v3.1.0.beta6