Input validation error in Discourse - CVE-2022-39226
Published: September 29, 2022 / Updated: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to improper input validation in the user profile location and website fields when processing user-supplied profile data. A remote user can submit excessively large text values to cause a denial of service.
Other users are affected when loading the crafted profile.