CVE-2024-43789

EUVD-2024-40449
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
discoursediscourse
𝑥
< 3.3.1
discoursediscourse
𝑥
≤ 3.4.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
discoursediscourse
stable ≤
𝑥
< 3.3.1
ADP
discoursediscourse
beta ≤
𝑥
< 3.4.0.beta1
ADP
Common Weakness Enumeration
References
https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq