CVE-2024-37157 in Discourseالمعلومات

الملخص

بحسب MITRE • 03/07/2024

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

مسؤول

GitHub M

حجز

03/06/2024

إفشاء

03/07/2024

الاعتدال

تمت الموافقة

إدخال

VDB-270325

EPSS

0.00348

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you want to use VulDB in your project?

Use the official API to access entries easily!