CVE-2021-41163

Name of the Vulnerable Software and Affected Versions Discourse versions 2.7.8 and earlier

Description Discourse is an open source platform for community discussion. In affected versions, maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe url values. It is estimated that around 14,300 sites are potentially vulnerable, with 8,639 potentially vulnerable systems located in the USA.

Recommendations To resolve the issue, update to version 2.7.9 or later. As a temporary workaround, consider blocking requests with a path starting with /webhooks/aws at an upstream proxy.