CVE-2024-37157 in Discourseinformazioni

Riassunto

di MITRE • 03/07/2024

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsabile

GitHub M

Prenotare

03/06/2024

Divulgazione

03/07/2024

Moderazione

accettato

CPE

pronto

EPSS

0.00348

KEV

no

Attività

molto basso

Fonti

Interested in the pricing of exploits?

See the underground prices here!