CVE-2022-23548

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-1333
View all →

Vulnerability Description

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.

Related Vulnerabilities

CVE-2019-16215

MEDIUM
CVSS:6.5(Medium)

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server ...

CWE-13332019

CVE-2021-25292

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CWE-13332021

CVE-2021-39933

MEDIUM
CVSS:6.5(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A r...

CWE-13332021

CVE-2021-39940

MEDIUM
CVSS:6.5(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitL...

CWE-13332021

CVE-2021-4437

MEDIUM
CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages...

CWE-13332021

CVE-2021-46823

MEDIUM
CVSS:6.5(Medium)

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP sche...

CWE-13332021