4 matches found
BIT-DISCOURSE-2025-59337 Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixe...
EUVD-2025-32062
Malicious code in bioql PyPI...
PT-2025-40301
Name of the Vulnerable Software and Affected Versions: Discourse versions 3.5.0 and below. Description: Discourse is a community discussion platform. A flaw exists where malicious meta-commands could be placed within a backup dump and then executed during the restore process. In environments with...
Discourse Command Injection Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A command injection vulnerability exists in Discourse 3.5.0 and prior versions, which stems from a malicious meta-command that can be...