{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "2.7.12" }, { "introduced": "0" }, { "last_affected": "2.8.0-beta1" }, { "introduced": "0" }, { "last_affected": "2.8.0-beta2" }, { "introduced": "0" }, { "last_affected": "2.8.0-beta3" }, { "introduced": "0" }, { "last_affected": "2.8.0-beta4" }, { "introduced": "0" }, { "last_affected": "2.8.0-beta5" }, { "introduced": "0" }, { "last_affected": "2.8.0-beta6" }, { "introduced": "0" }, { "last_affected": "2.8.0-beta7" }, { "introduced": "0" }, { "last_affected": "2.8.0-beta8" }, { "introduced": "0" }, { "last_affected": "2.8.0-beta9" } ] }, "events": [ { "introduced": "0" }, { "fixed": "81b398030ef4389a4a8192a287bc1b26203d58e0" }, { "introduced": "0" }, { "last_affected": "05c1d3c9cdd7f3e365bedc397dd92a7e7bc2c40f" }, { "introduced": "0" }, { "last_affected": "41038d6cdb289962b13778b0a00152b439d4a940" }, { "introduced": "0" }, { "last_affected": "5f8fa976d45c9e00a2a289cc18593e1af110783e" }, { "introduced": "0" }, { "last_affected": "cb858af8c79032a90bc374d566225c75e22cf6a6" }, { "introduced": "0" }, { "last_affected": "c6f1818b85a8b7883adff0fdb5ada2fbe87cfe04" }, { "introduced": "0" }, { "last_affected": "f0d2b0f2f08fc201031c85e1669dbd82dcd9b543" }, { "introduced": "0" }, { "last_affected": "ae91818c194a79b9a5216f2a2709a331f3509207" }, { "introduced": "0" }, { "last_affected": "cbfe48b9902736998ebe89079745c7557e0d8664" }, { "introduced": "0" }, { "last_affected": "c4d3b6556d750b9157a766ee370f2b4945dbb986" }, { "fixed": "7a8ec129fb54f188b2da6588c9d24d3a36eb0d39" } ], "repo": "https://github.com/discourse/discourse", "type": "GIT" } ] } ], "details": "Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist.", "id": "CVE-2021-43850", "modified": "2026-03-13T21:58:25.901755301Z", "published": "2022-01-04T20:15:07.667Z", "references": [ { "type": "FIX", "url": "https://github.com/discourse/discourse/commit/7a8ec129fb54f188b2da6588c9d24d3a36eb0d39" }, { "type": "EVIDENCE", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-59jr-pj65-qmvr" } ], "related": [ "GHSA-59jr-pj65-qmvr" ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "type": "CVSS_V3" } ] }