CVE-2023-38684

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-38684

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38684.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-38684

Aliases

BIT-discourse-2023-38684
GHSA-ff7g-xv79-hgmf

Published

2023-07-28T15:25:41Z

Modified

2025-10-30T20:28:30.583130Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Discourse vulnerable to ossible DDoS due to unbounded limits in various controller actions

Details

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-770"
    ]
}

References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type

GIT

Repo

https://github.com/discourse/discourse

Events

Introduced

17daf077e2f11def391859f83d294bb71760b1cf

Fixed

263afe6b6a9d36ac9512cc32f82a4f7a53f0ee7e

Database specific

{
    "versions": [
        {
            "introduced": "3.1.0.beta1"
        },
        {
            "fixed": "3.1.0.beta7"
        }
    ]
}

Type

GIT

Repo

https://github.com/discourse/discourse

Events

Introduced

Fixed

c35038b00ba7c6d6534a538ea211b84d54fa0656

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.0.6"
        }
    ]
}

Affected versions

v0.*

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.2

v0.9.2.5

v0.9.2.6

v0.9.3

v0.9.3.5

v0.9.4

v0.9.5

v0.9.5.1

v0.9.5.2

v0.9.6

v0.9.6.1

v0.9.6.2

v0.9.6.3

v0.9.6.4

v0.9.7

v0.9.7.1

v0.9.7.2

v0.9.7.3

v0.9.7.4

v0.9.7.5

v0.9.7.6

v0.9.7.7

v0.9.7.8

v0.9.7.9

v0.9.8

v0.9.8.1

v0.9.8.10

v0.9.8.11

v0.9.8.2

v0.9.8.3

v0.9.8.4

v0.9.8.5

v0.9.8.6

v0.9.8.7

v0.9.8.8

v0.9.8.9

v0.9.9.1

v0.9.9.10

v0.9.9.11

v0.9.9.12

v0.9.9.13

v0.9.9.14

v0.9.9.15

v0.9.9.16

v0.9.9.17

v0.9.9.18

v0.9.9.2

v0.9.9.3

v0.9.9.4

v0.9.9.5

v0.9.9.6

v0.9.9.7

v0.9.9.8

v0.9.9.9

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.0

v1.1.0.beta2

v1.1.0.beta3

v1.1.0.beta4

v1.1.0.beta5

v1.1.0.beta6

v1.1.0.beta6b

v1.1.0.beta7

v1.1.0.beta8

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.0.beta1

v1.2.0.beta2

v1.2.0.beta3

v1.2.0.beta4

v1.2.0.beta5

v1.2.0.beta6

v1.2.0.beta7

v1.2.0.beta8

v1.2.0.beta9

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.3.0

v1.3.0.beta1

v1.3.0.beta10

v1.3.0.beta11

v1.3.0.beta2

v1.3.0.beta3

v1.3.0.beta4

v1.3.0.beta5

v1.3.0.beta6

v1.3.0.beta7

v1.3.0.beta9

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.4.0

v1.4.0.beta1

v1.4.0.beta10

v1.4.0.beta11

v1.4.0.beta12

v1.4.0.beta2

v1.4.0.beta3

v1.4.0.beta4

v1.4.0.beta5

v1.4.0.beta6

v1.4.0.beta7

v1.4.0.beta8

v1.4.0.beta9

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.5.0

v1.5.0.beta1

v1.5.0.beta10

v1.5.0.beta11

v1.5.0.beta12

v1.5.0.beta13

v1.5.0.beta13b

v1.5.0.beta14

v1.5.0.beta2

v1.5.0.beta3

v1.5.0.beta4

v1.5.0.beta5

v1.5.0.beta6

v1.5.0.beta7

v1.5.0.beta8

v1.5.0.beta9

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.6.0

v1.6.0.beta1

v1.6.0.beta10

v1.6.0.beta11

v1.6.0.beta12

v1.6.0.beta2

v1.6.0.beta3

v1.6.0.beta4

v1.6.0.beta5

v1.6.0.beta6

v1.6.0.beta7

v1.6.0.beta8

v1.6.0.beta9

v1.6.1

v1.6.10

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v1.7.0

v1.7.0.beta1

v1.7.0.beta10

v1.7.0.beta11

v1.7.0.beta2

v1.7.0.beta3

v1.7.0.beta4

v1.7.0.beta5

v1.7.0.beta6

v1.7.0.beta7

v1.7.0.beta8

v1.7.0.beta9

v1.7.1

v1.7.10

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9

v1.8.0

v1.8.0.beta1

v1.8.0.beta10

v1.8.0.beta11

v1.8.0.beta12

v1.8.0.beta13

v1.8.0.beta2

v1.8.0.beta3

v1.8.0.beta4

v1.8.0.beta5

v1.8.0.beta6

v1.8.0.beta7

v1.8.0.beta8

v1.8.0.beta9

v1.8.1

v1.8.10

v1.8.11

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.8.6

v1.8.7

v1.8.8

v1.8.9

v1.9.0

v1.9.0.beta1

v1.9.0.beta10

v1.9.0.beta11

v1.9.0.beta12

v1.9.0.beta13

v1.9.0.beta14

v1.9.0.beta15

v1.9.0.beta16

v1.9.0.beta17

v1.9.0.beta2

v1.9.0.beta3

v1.9.0.beta4

v1.9.0.beta5

v1.9.0.beta6

v1.9.0.beta7

v1.9.0.beta8

v1.9.0.beta9

v1.9.1

v1.9.2

v1.9.3

v1.9.4

v1.9.5

v1.9.6

v1.9.7

v2.*

v2.0.0

v2.0.0.beta1

v2.0.0.beta10

v2.0.0.beta2

v2.0.0.beta3

v2.0.0.beta4

v2.0.0.beta5

v2.0.0.beta6

v2.0.0.beta7

v2.0.0.beta8

v2.0.0.beta9

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.1.0

v2.1.0.beta1

v2.1.0.beta2

v2.1.0.beta3

v2.1.0.beta4

v2.1.0.beta5

v2.1.0.beta6

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.2.0

v2.2.0.beta1

v2.2.0.beta10

v2.2.0.beta2

v2.2.0.beta3

v2.2.0.beta4

v2.2.0.beta5

v2.2.0.beta6

v2.2.0.beta7

v2.2.0.beta8

v2.2.0.beta9

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.3.0

v2.3.0.beta1

v2.3.0.beta10

v2.3.0.beta11

v2.3.0.beta2

v2.3.0.beta3

v2.3.0.beta4

v2.3.0.beta5

v2.3.0.beta6

v2.3.0.beta7

v2.3.0.beta8

v2.3.0.beta9

v2.3.1

v2.3.10

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.4.0

v2.4.0.beta1

v2.4.0.beta10

v2.4.0.beta11

v2.4.0.beta2

v2.4.0.beta3

v2.4.0.beta4

v2.4.0.beta5

v2.4.0.beta6

v2.4.0.beta7

v2.4.0.beta8

v2.4.0.beta9

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.5.0

v2.5.0.beta1

v2.5.0.beta2

v2.5.0.beta3

v2.5.0.beta4

v2.5.0.beta5

v2.5.0.beta6

v2.5.0.beta7

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.6.0

v2.6.0.beta1

v2.6.0.beta2

v2.6.0.beta3

v2.6.0.beta4

v2.6.0.beta5

v2.6.0.beta6

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.7.0

v2.7.0.beta1

v2.7.0.beta2

v2.7.0.beta3

v2.7.0.beta4

v2.7.0.beta5

v2.7.0.beta6

v2.7.0.beta7

v2.7.0.beta8

v2.7.0.beta9

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.13

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.0.beta1

v2.8.0.beta10

v2.8.0.beta11

v2.8.0.beta2

v2.8.0.beta3

v2.8.0.beta4

v2.8.0.beta5

v2.8.0.beta6

v2.8.0.beta7

v2.8.0.beta8

v2.8.0.beta9

v2.8.1

v2.8.10

v2.8.11

v2.8.12

v2.8.13

v2.8.14

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.9.0.beta1

v2.9.0.beta10

v2.9.0.beta11

v2.9.0.beta12

v2.9.0.beta13

v2.9.0.beta14

v2.9.0.beta2

v2.9.0.beta3

v2.9.0.beta4

v2.9.0.beta5

v2.9.0.beta6

v2.9.0.beta7

v2.9.0.beta8

v2.9.0.beta9

v3.*

v3.0.0

v3.0.0.beta15

v3.0.0.beta16

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.1.0.beta1

v3.1.0.beta2

v3.1.0.beta3

v3.1.0.beta4

v3.1.0.beta5

v3.1.0.beta6