CVE-2022-31182

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-404
View all →

Vulnerability Description

Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2017-18898

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.

CWE-4042017

CVE-2018-8836

MEDIUM
CVSS:5.3(Medium)

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communicat...

CWE-4042018

CVE-2020-12439

MEDIUM
CVSS:5.3(Medium)

Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain.

CWE-4042020

CVE-2020-27283

MEDIUM
CVSS:5.3(Medium)

An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.

CWE-4042020

CVE-2020-28327

MEDIUM
CVSS:5.3(Medium)

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon re...

CWE-4042020

CVE-2021-21003

MEDIUM
CVSS:5.3(Medium)

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the de...

CWE-4042021