CVE-2022-31184

Description

Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email.

Related CPE's

adiscoursediscourse2.9.0beta1******

adiscoursediscourse2.9.0beta2******

adiscoursediscourse2.9.0beta3******

adiscoursediscourse2.9.0beta4******

adiscoursediscourse2.9.0beta5******

adiscoursediscourse2.9.0beta7******

adiscoursediscourse2.9.0beta6******

adiscoursediscourse********

References

https://github.com/discourse/discourse/security/advisories/GHSA-m5w9-8gp8-2hrf

Third Party Advisory

https://github.com/discourse/discourse/commit/af1cb735db7fb73217b85d22dbadd1bc824ac0b0

PatchThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io