Discourse 3.1.0 Beta 7 Beta Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:beta:*:*:*
part: a version: 3.1.0 update: beta7
| Vendor | Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225) |
|---|---|
| Product | Discourse (4347364d-ae10-5ab6-a9ec-6e7dcaf78dd8) |
| Edition | * |
| Language | * |
| Software edition | beta |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/discourse/discourse |
purl2cpe | 2026-06-01 10:13:03.589398 |
pkg:rpm/opensuse/discourse |
purl2cpe | 2026-06-01 10:13:03.589399 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-32376 |
vulnerable | 2026-06-03 15:00:40.690336 |
Discourse DM limits aren’t always properly enforced
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.
Published: 2025-04-30T14:55:21.473Z
Updated: 2025-04-30T15:08:52.268Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47120 |
vulnerable | 2026-06-03 14:53:16.890809 |
Discourse DoS through Onebox favicon URL
HIGH (7.5)
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
Published: 2023-11-10T15:09:54.389Z
Updated: 2024-09-03T18:55:29.162Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41043 |
vulnerable | 2026-06-03 14:52:50.871187 |
Discourse DoS via SvgSprite cache
MEDIUM (6.5)
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted.
Published: 2023-09-15T19:27:59.432Z
Updated: 2024-09-24T18:13:49.117Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41042 |
vulnerable | 2026-06-03 14:52:50.865380 |
Discourse DoS via remote theme assets
MEDIUM (4.9)
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
Published: 2023-09-15T19:26:43.088Z
Updated: 2024-09-24T18:17:00.835Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40588 |
vulnerable | 2026-06-03 14:52:50.143872 |
Discourse DoS via 2FA and Security Key Names
MEDIUM (6.5)
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
Published: 2023-09-15T19:23:39.480Z
Updated: 2024-09-24T18:17:15.320Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38706 |
vulnerable | 2026-06-03 14:52:31.843182 |
Discourse vulnerable to DoS via drafts
MEDIUM (6.5)
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.
Published: 2023-09-15T19:22:08.194Z
Updated: 2024-09-24T18:20:38.265Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.