Dark C0d3rs

Full Version: HackerOne Disclosed Reports - 2026-06-30
Severity: High
Status: resolved

Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint


Bug reported by dpaysm, disclosed on June 30, 2026, 2:28 am   |   Uncontrolled Resource Consumption

A Denial of Service (DoS) vulnerability was identified in the /drafts.json endpoint on the Discourse forum. When a large payload (around 800,000 characters or more) was submitted to create a draft, the server processed the request and returned a 502 Bad Gateway error, yet still saved the draft. Submitting multiple such large drafts led to significant server delays, with response times exceeding 32 seconds, indicating resource exhaustion.
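
One way to bound the input described above, as an added example that is not taken from the report or from Discourse's code base: a Rack-style middleware that rejects oversized POSTs to /drafts.json before the application parses or stores them, including bodies sent without a Content-Length. The class name, the 100,000-byte limit and the 413 response are assumptions chosen for illustration.

```ruby
require "stringio"

# Hypothetical Rack-style middleware (not Discourse code): rejects oversized
# draft bodies before the application parses or stores them.
class DraftSizeLimit
  DRAFT_PATH = "/drafts.json"   # endpoint named in the report
  MAX_DRAFT_BYTES = 100_000     # assumed limit, tune per deployment

  def initialize(app, max_bytes: MAX_DRAFT_BYTES)
    @app = app
    @max_bytes = max_bytes
  end

  def call(env)
    return @app.call(env) unless draft_write?(env)

    # Fast path: a declared Content-Length over the limit is refused unread.
    declared = env["CONTENT_LENGTH"].to_i
    return too_large if declared > @max_bytes

    # Chunked or mis-declared bodies: read at most max+1 bytes, never the
    # whole stream, so memory use stays bounded.
    body = env["rack.input"].read(@max_bytes + 1) || ""
    return too_large if body.bytesize > @max_bytes

    env["rack.input"] = StringIO.new(body) # hand the bounded body downstream
    @app.call(env)
  end

  private

  def draft_write?(env)
    env["REQUEST_METHOD"] == "POST" && env["PATH_INFO"] == DRAFT_PATH
  end

  def too_large
    [413, { "content-type" => "application/json" },
     ['{"errors":["draft too large"]}']]
  end
end

# Constructed demo: a stand-in app that records the size of what it would save.
def demo_status(body_size, declare_length: true)
  saved = []
  app = ->(env) { saved << env["rack.input"].read.bytesize; [200, {}, ["ok"]] }
  env = { "REQUEST_METHOD" => "POST", "PATH_INFO" => "/drafts.json",
          "rack.input" => StringIO.new("a" * body_size) }
  env["CONTENT_LENGTH"] = body_size.to_s if declare_length
  status, = DraftSizeLimit.new(app).call(env)
  [status, saved]
end
```

Because the check runs ahead of the application, a rejected request never reaches the code path that persists the draft, which addresses the "error returned but draft still saved" behaviour in the report.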