CNNVD-202601-4667 Information
CNNVD ID
CNNVD-202601-4667
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.4之前版本、2025.11.2之前版本、2025.12.1之前版本和2026.1.0之前版本存在安全漏洞,该漏洞源于经过身份验证的用户可以向/drafts.json提交特制有效载荷,导致Base62.decode进行O(n^2)处理,可能导致拒绝服务攻击。
Description (English)
Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is a security loophole in previous versions of Discourse 3.5.4, before 2025.11.2, before 2025.12.1 and before 2026.1.0, which stems from the fact that an identified user can submit a specially designed payload to/dravafts.json, leading to the O(n^2) treatment of Base62.decode, which may lead to a denial of service attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Discourse
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/security/advisories/GHSA-vwjh-vrx9-9849 https://access.redhat.com/security/cve/cve-2025-68934
Patch
https://github.com/discourse/discourse/tags
Share on: