Input validation error in Discourse - CVE-2024-27085
Published: March 15, 2024 / Updated: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to improper input validation in the invite route when handling invite parameters. A remote user can send arbitrarily large data in invite parameters to cause a denial of service.
Exploitation requires permission to invite other users.