5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.5%
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
github.com/discourse/discourse/pull/10509
github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1