CVE-2022-23549
Discourse vulnerable to bypass of post max_length using HTML comments
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Productos afectados
discourse · discourse¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →