Input validation error in Discourse - CVE-2023-36818
Published: July 11, 2023 / Updated: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to improper input validation in custom sidebar section creation or update handling when processing requests to create or update custom sidebar sections. A remote user can send a specially crafted request with unlimited link creation to cause a denial of service.