CVE-2020-24327

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.3.2 through 2.6

Description: A Server Side Request Forgery (SSRF) issue exists via the email function. When writing an email in an editor, it is possible to upload pictures from remote websites.

Recommendations: For versions 2.3.2 through 2.6, as a temporary workaround, consider disabling the email function until a patch is available. Restrict access to the email editor to minimize the risk of exploitation. Avoid using the email function to upload pictures from remote websites until the issue is resolved.