How severe is CVE-2023-46130?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2023-46130?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2023-46130 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components.

Related Vulnerabilities

CVE-2017-2613

MEDIUM

CVSS:5.4(Medium)

jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could...

CWE-7702017

CVE-2022-35221

MEDIUM

CVSS:5.4(Medium)

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread sub...

CWE-7702022

CVE-2024-4311

MEDIUM

CVSS:5.4(Medium)

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Pas...

CWE-7702024

CVE-2017-0771

MEDIUM

CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.

CWE-7702017

CVE-2017-12144

MEDIUM

CVSS:5.5(Medium)

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

CWE-7702017

CVE-2017-13716

MEDIUM

CVSS:5.5(Medium)

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application cra...

CWE-7702017