Home > Vulnerability Database > CVE-2023-45806

Mend.io Vulnerability Database

CVE-2023-45806

Date: November 10, 2023

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the "stable" branch and version 3.2.0.beta3 of the "beta" and "tests-passed" branches, if a user has been quoted and uses a "|" in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they've been quoted by updating their full name again. Version 3.1.3 of the "stable" branch and version 3.2.0.beta3 of the "beta" and "tests-passed" branches contain a patch for this issue. No known workaround exists, although one can stop the "bleeding" by ensuring users only use alphanumeric characters in their full name field.

Language: Ruby

Severity Score

4.3

Related Resources (5)

Url: https://github.com/discourse/discourse/commit/7d484864fe91ff79c478f57e7ddb1235d701921e

Url: https://github.com/discourse/discourse/security/advisories/GHSA-hcgf-hg2g-mw78

Url: https://github.com/discourse/discourse/commit/2ec25105179199cf80912bf011c18b8b870e1863

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45806

Url: https://www.mend.io/vulnerability-database/CVE-2023-45806

Severity Score

4.3

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45806

Date: November 10, 2023

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?