CVE-2022-39226

Date: September 29, 2022

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the "stable" branch and prior to 2.9.0.beta10 on the "beta" and "tests-passed" branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the "stable" branch and version 2.9.0.beta10 on the "beta" and "tests-passed" branches. There are no known workarounds.

Language: Ruby

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

Allocation of Resources Without Limits or Throttling

CWE-770

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW
