BIT-discourse-2023-47119
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2023-47119.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-discourse-2023-47119
- Aliases
- Published
- 2024-03-06T10:52:15.470Z
- Modified
- 2025-04-03T14:40:37.652Z
- Summary
- [none]
- Details
-
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the
stablebranch, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of thestablebranch. There are no known workarounds. - Database specific
{ "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*", "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*" ], "severity": "Medium" }- References
-
- https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09
- https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c
- https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w
- https://nvd.nist.gov/vuln/detail/CVE-2023-47119
Affected packages
Bitnami / discourse
Package
- Name
- discourse
- Purl
- pkg:bitnami/discourse
Severity
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator