CVE-2023-25167

medium

Description

Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.

References

https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w

https://github.com/discourse/discourse/commit/ec4c30270887366dc28788bc4ab8a22a098573cd

Details

Source: Mitre, NVD

Published: 2023-02-08

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.7

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.0114