5 matches found
CVE-2022-31182
Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and...
CVE-2022-31182
creationtimestamp| type| source ---|---|--- 2022-08-02 00:17:14+00:00| seen| https://t.me/cibsecurity/47373...
Discourse 2.9.x < 2.9.0.beta7 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2022-31182
CVE-2022-31182 affects Discourse. A maliciously crafted request for static assets can cause error responses to be cached by Discourse’s default NGINX proxy configuration (cache poisoning). Root cause: incorrect/unsafe caching behavior in the proxy setup when handling static asset requests. Affect...
CVE-2022-31182 Cache poisoning via maliciously-formed request in Discourse
Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and...