Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the stable branch. There are no known workarounds.
{
  "cpes": [
    "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
    "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*",
    "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*",
    "cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:beta:*:*:*",
    "cpe:2.3:a:discourse:discourse:3.1.0:beta8:*:*:beta:*:*:*",
    "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
    "cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*",
    "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*"
  ],
  "severity": "High"
}