CNNVD-202601-4695 Information
CNNVD ID
CNNVD-202601-4695
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.4之前版本、2025.11.2之前版本、2025.12.1之前版本和2026.1.0之前版本存在安全漏洞,该漏洞源于用户名更改功能存在应用级拒绝服务漏洞,可能导致服务器延迟和资源耗尽。
Description (English)
Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is a security loophole in previous versions of Discourse 3.5.4, before 2025.11.2, before 2025.12.1 and before 2026.1.0, which stems from the application-level denial service gap in the user name change function, which may result in server delays and resource depletion.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Discourse
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/security/advisories/GHSA-rmp6-c9rq-6q7p https://access.redhat.com/security/cve/cve-2025-68659
Patch
https://github.com/discourse/discourse/tags
Share on: