CVE-2022-41921

Discourse chat messages should have a maximum character limit

Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available.


We have discovered 840 live websites that are affected by CVE-2022-41921.





Affected Software

Product                    Discourse
Category                   Message Boards
Vulnerable Domains         840 live websites (16.08% of Discourse install base)
Vulnerable Versions
  • from 0 before 2.9
Vulnerable Versions Count  70 versions (73.68% of all versions)


Common Weakness Enumeration

CWE-20 Improper Input Validation



Details

  • Published - Nov 28, 2022
  • Updated - Aug 3, 2024

CVE-2022-41921 usage by Country

United States  556 websites
Germany        70 websites
France         39 websites
China          24 websites
Singapore      24 websites
GB             17 websites
Canada         9 websites
Brazil         8 websites
Netherlands    8 websites

CVE-2022-41921 usage by TLD

.com     360 websites
.org     134 websites
.io      40 websites
.net     32 websites
.de      20 websites
.co      13 websites
.fr      11 websites
.eu      10 websites
.ru      9 websites
.com.br  8 websites


Websites affected by CVE-2022-41921

Top websites that are affected by CVE-2022-41921.

FAQ

CVE-2022-41921 is Improper Input Validation in Discourse
A total of 840 websites have been identified as vulnerable to CVE-2022-41921, discovered through global website indexing conducted by WebTechSurvey.
Discourse is susceptible to the CVE-2022-41921 vulnerability.
Discourse versions before 2.9 are vulnerable to CVE-2022-41921.
Version 2.9 of Discourse addresses the CVE-2022-41921 security vulnerability.