Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed in stable version 3.2.3 and in current betas. Users are advised to upgrade. Users unable to upgrade may manually remove the long watched words either via SQL or Rails console.
References
Configurations
Configuration 1 (hide)
|
History
26 Aug 2025, 19:13
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Discourse
Discourse discourse |
|
| CPE | cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:* cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:* |
|
| References | () https://github.com/discourse/discourse/commit/7b53e610c17e38be982dffefa4e5b5a709a3b990 - Patch | |
| References | () https://github.com/discourse/discourse/security/advisories/GHSA-68pm-hm8x-pq2p - Vendor Advisory |
Information
Published : 2024-07-15 20:15
Updated : 2025-08-26 19:13
NVD link : CVE-2024-38360
Mitre link : CVE-2024-38360
CVE.ORG link : CVE-2024-38360
JSON object : View
Products Affected
discourse
- discourse
CWE
CWE-400
Uncontrolled Resource Consumption