{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T22:02:38.256","vulnerabilities":[{"cve":{"id":"CVE-2023-47120","sourceIdentifier":"security-advisories@github.com","published":"2023-11-10T16:15:33.473","lastModified":"2026-06-17T06:32:11.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds."},{"lang":"es","value":"Discourse es una plataforma de código abierto para el debate comunitario. En las versiones 3.1.0 a 3.1.2 de la rama \"stable\" y en las versiones 3.1.0.beta6 a 3.2.0.beta2 de las ramas \"beta\" y \"tests-passed\", la memoria de Redis se puede agotar al crear un sitio con una URL de favicon anormalmente larga y redactar múltiples publicaciones que lo incluyan mediante Onebox. El problema se solucionó en la versión 3.1.3 de la rama \"stable\" y en la versión 3.2.0.beta3 de las ramas \"beta\" y \"tests-passed\". 
No se conocen workarounds."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 3.1.0, < 3.1.3","status":"affected"},{"version":">= 3.1.0.beta6, < 3.2.0.beta3","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"discourse","product":"discourse","defaultStatus":"unknown","cpes":["cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"3.1.3","versionType":"custom","status":"affected"},{"version":"3.1.0.beta6","lessThan":"3.2.0.beta3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-03T18:51:47.225796Z","id":"CVE-2023-47120","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA 
Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.3","matchCriteriaId":"50504A87-E983-44B1-9148-91A3F5851F6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.1.0:beta6:*:*:beta:*:*:*","matchCriteriaId":"9D797DA5-1AE5-4D49-B133-AF45D7FB0A4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.1.0:beta7:*:*:beta:*:*:*","matchCriteriaId":"4C868514-CFCE-4DA6-B15E-CB64CDF21609"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.1.0:beta8:*:*:beta:*:*:*","matchCriteriaId":"755DE44D-B1C7-4434-824F-5544BE6DD1CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*","matchCriteriaId":"1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*","matchCriteriaId":"10D931DE-F8F5-4A34-A30A-FDD4420ABD1A"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3","source":"security-advisories@github.com","tags":["Vendor 
Advisory"]},{"url":"https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}