Chat messages should have a maximum character limit

Low
jomaxro published GHSA-mfh7-6cv6-qccc Nov 28, 2022

Package

Discourse (Discourse)

Affected versions

beta <= 2.9.0.beta12; tests-passed <= 2.9.0.beta12

Patched versions

beta >= 2.9.0.beta13; tests-passed >= 2.9.0.beta13

Description

Impact

Users can post chat messages of unlimited length, which can cause a denial of service for other users when huge amounts of text are posted.

Patches

Users should upgrade to the latest version where a limit has been introduced.

Workarounds

No workarounds available.

Severity

Low 3.5 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CVE ID

CVE-2022-41921

Weaknesses