Описание
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches. As a workaround, disable the Embedding feature.
Ссылки
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.3 (исключая)Версия до 3.2.0 (исключая)
Одно из
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*
EPSS
Процентиль: 60%
0.00398
Низкий
3.4 Low
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-918
EPSS
Процентиль: 60%
0.00398
Низкий
3.4 Low
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-918