CVE-2023-28440: 
NixOS vulnerability analysis and mitigation

Discourse, an open source platform for community discussion, was found to have a vulnerability (CVE-2023-28440) that affects versions prior to 3.0.3 and 3.1.0.beta4. The vulnerability was discovered and disclosed in April 2023, primarily impacting shared hosting environments where administrators are untrusted (GitHub Advisory).

The vulnerability allows a maliciously crafted request from a Discourse administrator to trigger a long-running request that eventually results in a timeout. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 2.7 (LOW), with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L. This indicates that while the attack vector is network-accessible and requires low attack complexity, it necessitates high privileges and has limited impact on availability (NVD).

The vulnerability's primary impact is on system availability, particularly in shared hosting environments where administrators are untrusted. The attack can lead to service disruption through long-running requests and eventual timeouts (GitHub Advisory).

This vulnerability has been patched in Discourse versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade to these or later versions. There are no known workarounds for this vulnerability, making the upgrade the only effective mitigation strategy (GitHub Advisory).