Vulnerabilities > CVE-2023-36818 - Unspecified vulnerability in Discourse 3.1.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

discourse

NVD

Published: 2023-07-14

Updated: 2023-07-27

Summary

Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Discourse Discourse Discourse 3.1.0	1

References

https://github.com/discourse/discourse/security/advisories/GHSA-gxqx-3q2p-37gm
https://github.com/discourse/discourse/commit/52b003d915761f1581ae2d105f3cbe76df7bf1ff