| Vendor | Discourse |
| Affected product | Discourse |
| Affected versions | stable <= 3.0.2; beta <= 3.1.0.beta3; tests-passed <= 3.1.0.beta3 |
| Vulnerability type | CWE-1333: Inefficient Regular Expression Complexity |
| Description | A maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. |
| Status | fixed in stable >= 3.0.3; beta <= 3.1.0.beta4; tests-passed <= 3.1.0.beta4 |
| Reporter | So Sakaguchi, GMO Cybersecurity by Ierae, Inc. |