BIT-discourse-2023-47121

Import Source

https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2023-47121.json

Aliases

CVE-2023-47121
GHSA-hp24-94qf-8cgc

Published

2023-11-18T07:16:44.824Z

Modified

2023-11-18T08:11:20.672150Z

Details

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches. As a workaround, disable the Embedding feature.

References

Affected packages

Bitnami / discourse

Package

Name: discourse

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.1.3

Introduced

0The exact introduced commit is unknown

Fixed

3.2.0

Type: SEMVER
Events: Introduced

3.2.0-beta1

Last affected

3.2.0-beta1

Introduced

3.2.0-beta2

Last affected

3.2.0-beta2