HackerOne Disclosed Reports - 2026-06-30


Severity: High | Status: resolved

Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint


Bug reported by dpaysm was disclosed on June 30, 2026, 2:28 am | Uncontrolled Resource Consumption

A Denial of Service (DoS) vulnerability was identified in the /drafts.json endpoint on the Discourse forum. When a large payload (around 800,000 characters or more) was submitted to create a draft, the server processed the request and returned a 502 Bad Gateway error, yet the draft was still saved. Submitting multiple such large drafts led to significant server delays, with response times exceeding 32 seconds, indicating resource exhaustion.
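As an added illustration of a mitigation for this class of bug (not Discourse's actual fix and not code from the report), the Rack-style middleware below rejects oversized POST /drafts.json bodies before anything is parsed or saved. The class name, the 100,000-byte limit and the stand-in application are assumptions made for the example.

```ruby
require "stringio"

# Hypothetical middleware (not Discourse code): bounds the body of
# POST /drafts.json before the application parses or persists it.
class DraftSizeLimit
  MAX_BYTES = 100_000 # assumed limit, far below the ~800,000 characters in the report

  def initialize(app, max_bytes: MAX_BYTES)
    @app = app
    @max = max_bytes
  end

  def call(env)
    guarded = env["REQUEST_METHOD"] == "POST" && env["PATH_INFO"] == "/drafts.json"
    return @app.call(env) unless guarded

    # Fast path: reject on the declared length without reading the body.
    return too_large if env["CONTENT_LENGTH"].to_i > @max

    # Content-Length may be absent (chunked upload) or understated,
    # so read at most max + 1 bytes and re-check the real size.
    body = env["rack.input"].read(@max + 1) || ""
    return too_large if body.bytesize > @max

    env["rack.input"] = StringIO.new(body) # hand the bounded body to the app
    @app.call(env)
  end

  private

  def too_large
    [413, { "content-type" => "application/json" }, ['{"errors":["draft too large"]}']]
  end
end

# Constructed demo: a stand-in app that records what it would have saved.
SAVED = []
APP = ->(env) { SAVED << env["rack.input"].read; [200, {}, ["{}"]] }

# Builds a minimal constructed Rack env and returns the response status.
def post_draft(body, declare_length: true)
  env = { "REQUEST_METHOD" => "POST", "PATH_INFO" => "/drafts.json",
          "rack.input" => StringIO.new(body) }
  env["CONTENT_LENGTH"] = body.bytesize.to_s if declare_length
  DraftSizeLimit.new(APP).call(env).first
end
```

Because the check runs before the application is called, an oversized request gets a 413 and leaves nothing stored, unlike the behaviour in the report where the request failed with a 502 but the draft was still saved.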

