CVE-2023-25167

MEDIUM Year: 2023
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-1333
View all →

Vulnerability Description

Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2022-2596

MEDIUM
CVSS:5.9(Medium)

Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.

CWE-13332022

CVE-2022-40897

MEDIUM
CVSS:5.9(Medium)

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression...

CWE-13332022

CVE-2023-26112

MEDIUM
CVSS:5.9(Medium)

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a...

CWE-13332023

CVE-2023-27704

MEDIUM
CVSS:5.5(Medium)

Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).

CWE-13332023

CVE-2023-7279

LOW
CVSS:5.9(Medium)

A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.j...

CWE-13332023

CVE-2024-3772

MEDIUM
CVSS:5.9(Medium)

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

CWE-13332024