CVE-2022-35958 Information

Description

Discourse is a 100% open source discussion platform. In some cases, a malicious user can use the invitation system to spam arbitrary email addresses by sending them invitation emails. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds.

Reference

https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7
https://github.com/discourse/discourse/pull/17856
https://github.com/discourse/discourse/commit/cc84ea2444136df443aac33651d596cc8dd0b3e1
