Discourse 3.3.0 Beta 4 Beta Branch
Approved changes feed: RSS · Atom
cpe:2.3:a:discourse:discourse:3.3.0:beta4:*:*:beta:*:*:*
part: a version: 3.3.0 update: beta4
| Vendor | Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225) |
|---|---|
| Product | Discourse (4347364d-ae10-5ab6-a9ec-6e7dcaf78dd8) |
| Edition | * |
| Language | * |
| Software edition | beta |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/discourse/discourse |
purl2cpe | 2026-06-01 10:13:03.602997 |
pkg:rpm/opensuse/discourse |
purl2cpe | 2026-06-01 10:13:03.602999 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-32376 |
vulnerable | 2026-06-03 15:00:40.698833 |
Discourse DM limits aren’t always properly enforced
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.
Published: 2025-04-30T14:55:21.473Z
Updated: 2025-04-30T15:08:52.268Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39320 |
vulnerable | 2026-06-03 14:56:20.556302 |
Discourse allows iframe injection though default site setting
MEDIUM (6.1)
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
Published: 2024-07-30T14:33:48.589Z
Updated: 2024-08-02T04:19:20.670Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37299 |
vulnerable | 2026-06-03 14:56:06.265757 |
Discourse vulnerable to DoS via Tag Group
MEDIUM (4.9)
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
Published: 2024-07-30T14:22:36.367Z
Updated: 2024-08-02T03:50:55.878Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.