Infinite loop in Discourse - CVE-2022-23641
Published: February 15, 2022 / Updated: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to an infinite loop in the Onebox background job when parsing posted streaming URLs. A remote user can post a streaming URL to cause a denial of service.
The issue can lead to memory leaks during background parsing.