CVSS 3.1 Score 4.3 of 10 (medium)


Published Jul 28, 2023
Updated: Aug 3, 2023
CWE ID 770


CVE-2023-37906 is a vulnerability in Discourse, the open-source discussion platform. Affected versions are those prior to 3.0.6 on the `stable` branch and prior to 3.1.0.beta7 on the `beta` and `tests-passed` branches. A malicious user can exploit it by editing a post in a topic and supplying a carefully crafted edit reason, which causes a denial of service (DoS). The issue is patched in the versions named above, and there are no known workarounds. The potential danger it poses to organizations is considered medium, with a base severity score of 4.3 out of 10 under the Common Vulnerability Scoring System (CVSS).

