CVE-2023-44388

Source
https://cve.org/CVERecord?id=CVE-2023-44388
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44388.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-44388
Aliases
Published
2023-10-16T21:11:26.719Z
Modified
2026-07-08T07:34:32.670130895Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Malicious requests can fill up the log files resulting in a deinal of service in Discourse
Details

Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the client_max_body_size nginx directive. client_max_body_size will limit the size of uploads that can be uploaded directly to the server.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/44xxx/CVE-2023-44388.json",
    "cwe_ids": [
        "CWE-400"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type
GIT
Repo
https://github.com/discourse/discourse
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "stable <= 3.1.1"
        },
        {
            "last_affected": "stable <= 3.1.1"
        },
        {
            "introduced": "beta <= 3.2.0.beta2"
        },
        {
            "last_affected": "beta <= 3.2.0.beta2"
        }
    ]
}

Affected versions

3.*
3.2.0-beta1
beta <= 3.*
beta <= 3.2.0.beta2
stable <= 3.*
stable <= 3.1.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44388.json"