CVE-2022-23641
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta branch, and 2.9.0.beta2 in the tests-passed branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the stable branch, 2.9.0.beta2 of the beta branch, and 2.9.0.beta2 of the tests-passed branch. As a workaround, disable onebox in admin panel completely or specify allow list of domains that will be oneboxed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| discourse | discourse | stable <= 2.8.0 | affected |
| discourse | discourse | beta <= 2.9.0.beta1 | affected |
| discourse | discourse | tests-passed <= 2.9.0.beta1 | affected |
Weaknesses
- CWE-835: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv
- https://github.com/discourse/discourse/pull/15927
- https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/discourse/discourse/security/advisories/GHSA-22xw-f62v-cfxv
- https://github.com/discourse/discourse/pull/15927
- https://github.com/discourse/discourse/commit/a34075d205a8857e29574ffd82aaece0c467565e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.