CVE-2020-24327

Source
https://cve.org/CVERecord?id=CVE-2020-24327
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24327.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-24327
Aliases
Published
2021-09-23T18:15:08.777Z
Modified
2026-07-08T19:02:29.773687Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.

References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type
GIT
Repo
https://github.com/discourse/discourse
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": [
        "cpe:2.3:a:discourse:discourse:2.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.6.0:-:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2.3.2"
        },
        {
            "last_affected": "2.3.2"
        },
        {
            "introduced": "2.6.0-NA"
        },
        {
            "last_affected": "2.6.0-NA"
        }
    ]
}

Affected versions

2.*
2.3.2
2.6.0-NA
v2.*
v2.3.10
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.6.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24327.json"