Discourse 3.3.0 Beta 3 Beta Branch
Approved changes feed: RSS · Atom
cpe:2.3:a:discourse:discourse:3.3.0:beta3:*:*:beta:*:*:*
part: a version: 3.3.0 update: beta3
| Vendor | Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225) |
|---|---|
| Product | Discourse (4347364d-ae10-5ab6-a9ec-6e7dcaf78dd8) |
| Edition | * |
| Language | * |
| Software edition | beta |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/discourse/discourse |
purl2cpe | 2026-06-01 10:13:03.601403 |
pkg:rpm/opensuse/discourse |
purl2cpe | 2026-06-01 10:13:03.601405 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-32376 |
vulnerable | 2026-06-03 15:00:40.698292 |
Discourse DM limits aren’t always properly enforced
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.
Published: 2025-04-30T14:55:21.473Z
Updated: 2025-04-30T15:08:52.268Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39320 |
vulnerable | 2026-06-03 14:56:20.555667 |
Discourse allows iframe injection though default site setting
MEDIUM (6.1)
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
Published: 2024-07-30T14:33:48.589Z
Updated: 2024-08-02T04:19:20.670Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37299 |
vulnerable | 2026-06-03 14:56:06.264443 |
Discourse vulnerable to DoS via Tag Group
MEDIUM (4.9)
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
Published: 2024-07-30T14:22:36.367Z
Updated: 2024-08-02T03:50:55.878Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37157 |
vulnerable | 2026-06-03 14:56:05.914313 |
Discourse vulnerable to Server-Side Request Forgery via FastImage
MEDIUM (6.4)
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available.
Published: 2024-07-03T19:13:42.868Z
Updated: 2024-08-02T03:50:55.878Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36122 |
vulnerable | 2026-06-03 14:56:03.597016 |
Discourse doesn't limit reviewable user serializer payload
LOW (2.4)
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue or disable the approve suspect users site setting and the must approve users site setting to prevent users from being added to the review queue.
Published: 2024-07-03T19:10:45.955Z
Updated: 2024-08-02T03:30:13.046Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.