Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
We have discovered 826 live websites that are affected by CVE-2022-23548.
Field | Value |
---|---|
Product | Discourse |
Category | Message Boards |
Vulnerable Domains | 826 live websites (15.81% of Discourse install base) |
Vulnerable Versions | |
Vulnerable Versions Count | 69 versions (72.63% of all versions) |

Country | Websites |
---|---|
United States | 553 websites |
Germany | 67 websites |
France | 37 websites |
China | 24 websites |
Singapore | 24 websites |
GB | 17 websites |
Brazil | 8 websites |
Netherlands | 8 websites |
Russia | 8 websites |

TLD | Websites |
---|---|
.com | 356 websites |
.org | 132 websites |
.io | 40 websites |
.net | 32 websites |
.de | 20 websites |
.co | 13 websites |
.fr | 10 websites |
.ru | 9 websites |
.cn | 8 websites |
.com.br | 8 websites |

FAQ