Vulnerability CVE-2023-48297
Published: 2024-01-12

Description:
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.

Type:

CWE-400

 (Uncontrolled Resource Consumption ('Resource Exhaustion'))

 References:
https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37
Copyright 2026, cxsecurity.com

 

Back to Top