| Vendor | Discourse |
| Affected product | Discourse |
| Affected versions | stable <= 3.0.2; beta <= 3.1.0.beta3; tests-passed <= 3.1.0.beta3 |
| Vulnerability type | CWE-1333: Inefficient Regular Expression Complexity |
| Description | A maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. |
| Status | fixed in stable >= 3.0.3; beta <= 3.1.0.beta4; tests-passed <= 3.1.0.beta4 |
| Reporter | So Sakaguchi, GMO Cybersecurity by Ierae, Inc. |