CVE-2023-38706
Discourse vulnerable to DoS via drafts
6.5
MEDIUM
CVSS 3.1
EPSS 0.29%
Description
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch. There are no known workarounds.
How to fix CVE-2023-38706
To remediate CVE-2023-38706, upgrade the affected package to a fixed version below.
- —upgrade to 3.1.1 or later
Is CVE-2023-38706 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |