Описание
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the beta and tests-passed branches. There are no known workarounds.
Ссылки
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.0 (исключая)
Одно из
cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*
EPSS
Процентиль: 30%
0.00115
Низкий
5.7 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-918
EPSS
Процентиль: 30%
0.00115
Низкий
5.7 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-918