{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-38684", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-07-24T16:19:28.363Z", "datePublished": "2023-07-28T15:25:41.132Z", "dateUpdated": "2023-07-28T15:25:41.132Z"}, "containers": {"cna": {"title": "Discourse vulnerable to ossible DDoS due to unbounded limits in various controller actions", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf"}, {"name": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": ">= 3.1.0.beta1, < 3.1.0.beta7", "status": "affected"}, {"version": "< 3.0.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-28T15:25:41.132Z"}, "descriptions": [{"lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-ff7g-xv79-hgmf", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "matchCriteriaId": "8706E13A-141F-4E47-AA17-8DA913CE2020", "versionEndExcluding": "3.0.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BF272688-1B08-4ABC-8002-66B59690F9A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "A29A2465-B21D-4147-8292-DCF864D385B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "BBC3511E-3D68-42E2-B521-966FB429B640", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "EC8B99C2-E267-4EC2-AF09-C9AD1EEE76D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "F21A22EE-081A-4489-A7F8-22E2DBC5B00E", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E6C8FB3-4B19-4510-B9A8-BCF9ED8ED7C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta6b:*:*:beta:*:*:*", "matchCriteriaId": "5B827291-6483-4BB7-AF76-530B669B3ED5", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "551E70ED-34FF-4989-91C9-6312DE4AB4DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.1.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "204FB99A-8F11-4F04-9ED9-D94551790116", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "46A8705C-0DF6-45D7-A38C-D2AB69194C59", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F59B0D8E-CFFB-4EBA-9D6A-526F9541BA17", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D801A898-27D0-4076-8AF9-2B574FA11723", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E7CBBD4A-4FDB-49E0-A5B6-22701C12BDF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9E7328DF-1924-4D0D-AC6B-1BA2D9CF1D4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9421CE10-F226-4F2C-9DA7-EBB44B73C304", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "1E71FBB6-ECAD-4581-9982-4C330D55FEAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "1B631CCC-D456-49FF-B626-59C40BD4E167", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BE83F98D-F7AA-434B-8438-5B1FB96681B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "EB93F19B-9087-44CE-B884-45F434B7906F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5A88A5A3-EF1A-4E86-B074-CE0AC4325484", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "0650B4C7-BCFE-4180-8FEF-4170A67E8BD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "388F376E-46C9-4163-992D-95E3E4548D0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "D661090A-DA61-4BBE-85C3-6F48C053C84B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "4A458242-D6DD-46E3-AF09-66BC87C5D7A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A8FACCBA-0D3B-4E6F-85A0-1CBD2B367F71", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F1D83D80-A0BE-4794-91A1-599AF558FB67", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "BD15B6B2-BFB3-4271-A507-48E9B827FA02", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "E0003042-9B14-4E1B-800F-3D154FFE8A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "E449EA29-81C8-4477-977E-746EACDBED86", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6FC6D4DF-8686-4054-A0C1-784E194171E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "C574C37D-3D99-4430-A3D5-199883556B64", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "F344E950-EFF9-4405-99D7-0B615C32873F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "0A50DE1B-29EB-4014-B5B6-46CF493485F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "638B3E17-9F0A-4A96-B8D3-DDFEA518DBE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6D3E3AEB-8CD4-4EE7-9C81-2F74512071DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "254FF9D9-E696-41C8-B15B-DA089D2C6597", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "2A5001E1-E716-43AA-8093-E0EED9E07909", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "7FD16B13-516A-4D03-B1EF-A11156471A06", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E886D9EF-7FBD-4A24-A8B6-54E4B15403C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "369A83D1-AB7E-488D-9D74-26A69DFC1AD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "3189CAC1-8970-4A33-B1E4-EB9EC3C19A25", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A8733438-7625-400E-8237-BAE3D9F147AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "E87F1ED0-FD0D-4767-8E7C-325D920B79BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "97811266-A13C-4441-A1B5-BFA4B0862DFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "3D09D157-4B19-4561-AB20-952F2EA9BA0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "789087AF-0011-4E8F-A5AB-432A5F91BBA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta13b:*:*:beta:*:*:*", "matchCriteriaId": "8EC9DC8C-56DC-482B-8847-BD0CFACA6F8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "F63B3D13-24F6-4EFA-9528-DBF59D973A9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7F3A2388-18DE-46B0-BC13-7714E25D1B1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "940B11CB-053F-4D60-8BC4-81CA659D2F7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "83684DCB-B201-43B8-8B6E-6D0B13B7E437", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "DF92E1FD-9B41-4A41-8B13-9D789C5729D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "351D224A-E67C-454C-AF43-8AD6CD44C685", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "E058CA6D-A295-4CAD-8C85-E8C83BAFEBD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "FF99C114-1BCA-4400-BC7E-EDA1F55559CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.5.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "BBA1EFBA-5A26-46A0-B2A6-53B9924253BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "FE5B90B0-B6CC-4189-9C98-CF29017A47B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A1818628-5F4E-4E5D-974A-0BEBCE821209", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "14785840-3BC0-4030-AE44-E3013DF19AD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "90444209-684C-4BF8-9BCF-6B29EA0A0593", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "668E15DE-8CF2-4AF3-B13A-9080046B1E03", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "1191861C-1B2C-4762-805D-FCDC20F84D05", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "3CB518E5-CCC0-46B8-848E-C492BCF7E9BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CA1F68FE-67EA-4408-8E0F-558B0FAFFF32", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "66E9F05C-799A-43D3-9367-FCA86166BD65", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "85DB4097-6EFC-4017-ADFD-56EE49BB2F34", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD283EA2-9026-497F-A7DE-E16CE0764ED0", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.6.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "ED19DDDF-A29E-4C3F-A818-23D7E37B6974", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "508D0052-B7D7-4A08-8BB0-7D7A1EDAB96D", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "3E50BFB0-67D3-4EDE-93FE-85EAF605461E", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "D7EE0134-6AD7-4695-B536-1959FE3A9672", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "25DFFB5C-277F-4436-9BCE-643E98721C5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "B8B80EB2-0B48-4AFA-8A09-26006CCDB022", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AC8705E0-23ED-4817-8B69-21A4963C27F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "BAA156A9-A9FB-4D03-B0EE-4AA303D7A9CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "F733E585-075C-402A-9B34-1FE79DE4137E", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "05C43439-C694-47AA-90AF-0AC2277E3D3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "B391F8A1-F102-4C88-864C-1386452CDAB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "0BC33C93-9947-4983-96A3-7DE223929817", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B46DE141-1224-499E-AAE0-6CC0D5249B2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "D8D07501-A07E-4743-A188-2E5BBC3C8F97", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "64FD2A30-EE33-4680-9DCF-29283DBA3C4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "B517F7A2-6FD1-4A7B-80E7-1167EC296591", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "E6CA6EA5-DDAD-4882-AD1B-634C0CD741BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "F14DCB07-9464-4DDE-98A1-FAE85DD60FBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6EDFD679-4710-4A62-B254-E658EED4295B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "A1B81072-08A5-4EC6-B737-E35C505C1E47", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "A0748A9E-5737-48F9-BB66-6576AFE16198", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "453E51D9-89A1-4A91-B218-05C45CC4E329", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "51542BA7-8151-4FC9-9C86-36CEB476B912", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "5F95391C-0B75-47D2-9770-561E05414CEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "10384675-B949-4B50-AF42-B5A3EE27250B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "7C0DB1C0-5749-4508-A265-C2138F7852E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "CA9977CF-575C-4A19-84C8-EBB68EBE88C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "87C525C5-E282-4EC6-956F-0C94DC11FC69", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "7F02A2A8-6312-4F6D-ABBF-952CA4C5E02E", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "DE54D1A3-FC2A-40DE-9177-50332208B0B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "170AE3DA-92C1-4D1D-9CAC-543C01FFF479", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "2130C3C5-E4A5-41C3-89F0-C6FB4E47D096", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "74248527-B884-4134-95C8-DEAF3D774A9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta17:*:*:beta:*:*:*", "matchCriteriaId": "01A8AF9C-8BF6-4ADC-A85A-A5C1F9FFB2C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "B4038D09-467C-4815-A429-F0E1E3E545E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "6F273237-7223-4047-83B7-16A49B7E554A", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "CF26EE13-554C-4180-98A2-238D84E40927", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "12688C9C-291D-4BF2-93F9-09AA323C52A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "A7F7A437-D538-4B44-AC41-C95641A11A35", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "9BB61DCF-52DB-498D-8779-D565E548C285", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "EE56BB77-B7F7-4BE7-AD9C-33888C5D01FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:1.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "9DB49E1D-BCC8-4984-A81D-5DAC5E3DF168", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "F775EA72-CCE3-4230-A666-EFDAA61F71FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "5E65BDEE-850A-41C6-8CFB-BD8B3A105CD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "AF196429-FDED-4C3F-9F7D-0A2BF7DCAD1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "64B84326-5397-4C60-8007-F7E7D81DC661", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "9A0A526A-9662-4E39-8BF6-E464BE1A2B6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "712DACC2-A21E-429F-8A7B-86D8F7CE3468", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "6E93F9F6-5B03-4F77-B8B4-AEC9E4011692", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "C5B2B98E-804F-4525-B726-3F1DF2693F79", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "582E339F-678A-4377-8EE0-8F4208E3EF78", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.0.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "1BF1D945-6EAA-4FA7-8252-2FED079587F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9325DFF5-EA7B-4B8D-A227-4B1A59449CE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0ECB28DA-3CA1-4011-9170-BFBF2ED3E091", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "2A6399B0-471B-4B26-859C-3836F2A6B7D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "131E2AE4-E35D-495D-8907-3B899BB8AC41", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "83601528-0DD9-4835-B6C0-0F341871CC15", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4AEB5AAF-73EB-4356-8C53-10E22B2F910E", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "9EB199D6-E253-4EC2-BF0B-059F7B6662ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "94A586EB-B0E0-4190-88DF-3BCC04E5EF84", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "0BF27B44-9AA7-4B91-9B4B-0E84418F5632", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "461744BD-3974-4C33-8514-0A917DC90C6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6A86FB2B-6915-49C0-B993-0711AAECA5FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9EF3DD36-2776-4CD2-A3F1-88872024D223", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "D91D71ED-F08F-4DB5-B7DD-062E7C11435F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "62B5812A-FB52-4F4B-9A15-3AA5CD6562E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "83231EC0-E3F7-4E35-B165-487C2725B4F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.2.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "A53AFFA6-7B98-47F2-9BD7-71C83A69CE26", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "A42D3FB9-9197-4101-A729-876C490BD572", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "A5DE0C47-0C66-4EFE-AF82-1B22F4F54A44", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "E587D10F-BEF8-4923-AF76-6DC3172880EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "155568EF-6A7E-423A-B5EA-D20E407B271B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "7E94B119-8C75-43DF-A2DF-A5B3E04F0778", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5348F94F-F6AE-4400-8AC7-036111EF43D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "57948A73-C9C5-4C24-947D-0A4659C7002E", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "3532EE37-2D0F-496C-B5A8-F9315FFB4552", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "2CAE7CC9-B91D-494C-B91A-497D6FE6B14B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "623BBBF8-4121-466A-82C8-D179B02B3E34", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.3.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "648D010A-8B8D-42AA-8888-09E4E0FAA954", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "8ADC7613-25E3-4CB8-A962-2775C20E4D4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "1B0099F0-A275-4C65-9B79-041374F183DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "FE69800E-5CB5-4916-879C-51DE5E94489F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "8C64EAFE-2B60-4D95-869F-4A2FC98B99C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "AB2045F1-AC39-4738-B3F0-33F00D23C921", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E32589F8-2E87-40D2-BAD3-E6C1C088CA60", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "4868BAFD-BFE5-4361-855A-644B040E7233", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "4B6C25BF-5B2A-43C4-8918-E32BA9DD8A22", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "EB9917D3-D848-4D2B-8A44-B3723BA377DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "7046D95B-73CE-406B-ACC3-FD71F7DEC7CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.4.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "D3BA5033-2C06-42FF-962E-48EBA2EBB469", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "630D29DE-0FD7-4306-BA80-20D0791D334B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "08F94E42-07A1-480D-B6DD-D96AE38F1EBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FA4B3DE5-21DA-4185-AF74-AAA6DD89FB3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "E602BEF9-E89D-40F7-BC6F-5C6F9F25BA97", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "C06A8627-683D-4328-BE7A-4A33A4B736F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E3EF8240-D3F5-422C-B70A-90C6CBA4E622", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.5.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "93CC792D-AE0B-498E-8374-5D09EF4E28FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "093D4EA8-B002-4AB4-97C9-CEE4D70BF3C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "4C778180-E7BF-4EF2-8B19-0388E23E1424", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "0C0B2BC1-35F1-4A1D-B9B2-54426B4ADF34", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "6BCAB620-465A-41FF-A064-FB638DD3A557", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "6AFCB802-A275-444C-8245-D0397322125F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.6.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9F9B70E2-AAAD-4E61-AEB2-E5F635F6AAD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "6182074E-C467-448C-9299-B92CFE4EEBE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "09EA8F36-7647-42D0-8675-34C002E0754D", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "9CE2276A-9680-4B14-9636-806F7E4C1669", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "AD150166-4C8D-47E3-989A-1A71A46C36A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CF5CA6AD-FA4D-47DF-A684-5DAD7662EA13", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "B94F75B8-7C84-4727-9D18-114A815E1906", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "4D94E03A-32EE-408F-81FA-4B9C25AA7DDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "AD495875-007C-4A90-B940-B62E6FA492CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.7.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "05F1B84E-8AF8-46E8-9DE9-00D1DE348C2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "BCCEFDFB-61E6-4846-8093-B5CEB0D8450C", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "0BC63647-B692-4BB9-9A3D-6F8DF19C3494", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "05F0ED55-C8C6-47C1-859A-60046838B6F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "6A2D59BC-2EE8-4F9C-AB5B-B9D01B44F7CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "933DFEBC-5568-431B-809D-AFAEFD08E985", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "BE920E80-C02B-4EC8-982F-ADE89C936684", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "CDAE3441-12BA-41F4-8A5A-B2EE844C86BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "1443EA1B-D210-4219-8452-CBFD5FACBC77", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "948A4B4A-A11F-477E-BEC5-0D60C7E3570C", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "98B2A052-5427-4B72-9F59-82F430836CB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "CB6D636E-B51F-4648-A637-62B2603BA18F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "3DA17871-7ED7-4D68-A46D-D15DC5B3235F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:beta:*:*:*", "matchCriteriaId": "705FE965-0415-4382-8CA1-A19DF3B5EF35", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:beta:*:*:*", "matchCriteriaId": "BC6EDCE3-D564-434F-9A7F-D4A6D579F8F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:beta:*:*:*", "matchCriteriaId": "FB05E54B-9CF6-45A7-8D47-C98DB6D19E7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:beta:*:*:*", "matchCriteriaId": "03CD1C5E-18F5-4C6D-B92C-C511C8C12D0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:beta:*:*:*", "matchCriteriaId": "FF4ABB9D-69DF-42D5-AD60-F9CEEC1B6730", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "7B4DCCF5-E290-4BDA-AAB9-DF362A2EB7B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "3AE1F3A2-8340-4ED7-B943-ACDA9617DF64", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:beta:*:*:*", "matchCriteriaId": "5E033AB7-9987-4C30-849F-2495376CA4F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "D87E9338-C7F6-43BA-886F-C30987ADBA1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "E24EB90F-FE81-4746-8741-8DC9346F79C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:beta:*:*:*", "matchCriteriaId": "D237956F-FC90-467E-A493-24EFDA1A9F2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:beta:*:*:*", "matchCriteriaId": "F7AA9AB8-AB6F-43E2-B3E5-685EE9BFE7D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:beta:*:*:*", "matchCriteriaId": "5BC240A1-431E-4A50-88DC-7AC9BC674254", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta15:*:*:beta:*:*:*", "matchCriteriaId": "3F85AFD4-D397-4FDB-B762-521BD5FF14C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.0.0:beta16:*:*:beta:*:*:*", "matchCriteriaId": "D40CDCE1-3462-4D6C-A3C7-487F175264CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*", "matchCriteriaId": "B9BBED17-A6BA-4F17-8814-8D8521F28375", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*", "matchCriteriaId": "888B8ECF-EBE0-4821-82F6-B0026E95E407", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*", "matchCriteriaId": "FD0302B1-C0BA-49EE-8E1B-E8A43879BFC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta5:*:*:beta:*:*:*", "matchCriteriaId": "9FE11D4E-32EE-48F4-8082-B37D2F804450", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*", "matchCriteriaId": "9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability."}], "id": "CVE-2023-38684", "lastModified": "2023-08-03T17:36:39.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-07-28T16:15:12.290", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}