PT-2024-27341 · Discourse · 0Xmokusou
Published: 2024-07-03 · Updated: 2024-09-18
CVE-2024-37157
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 3.2.3 on the stable branch
Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches
Description
Discourse is an open-source discussion platform. A malicious actor could cause the FastImage library, which Discourse uses to fetch remote images, to follow a redirect to an internal Discourse IP address, a server-side request forgery (SSRF).
Recommendations
For Discourse versions prior to 3.2.3 on the stable branch, update to version 3.2.3 or later.
For Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches, update to version 3.3.0.beta4 or later.
Tags: Exploit · Fix · SSRF
Affected Products: Discourse, FastImage