17 matches found
EUVD-2024-36469
Malicious code in bioql PyPI...
CVE-2023-28112
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the...
BIT-DISCOURSE-2024-37157 Discourse vulnerable to Server-Side Request Forgery via FastImage
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on...
Discourse 3.3.x - 3.3.0.beta4 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2024-37157
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on...
CVE-2024-37157
Discourse prior to version 3.2.3 on the stable branch and 3.3.0.beta4 on the beta/tests-passed branches is vulnerable to an SSRF via the FastImage library, which could redirect requests to an internal Discourse IP. The issue is patched in 3.2.3 (stable) and 3.3.0.beta4 (beta/tests-passed). No pub...
CVE-2024-37157 Discourse vulnerable to Server-Side Request Forgery via FastImage
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on...
CVE-2024-37157 Discourse vulnerable to Server-Side Request Forgery via FastImage
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on...
CVE-2024-37157 Discourse vulnerable to Server-Side Request Forgery via FastImage
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on...
PT-2024-27341 · Discourse +1 · Discourse +1
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches Description: Discourse is an open-source discussion platform. A malicious actor could get the FastImage libra...
BIT-DISCOURSE-2023-28112 Discourse's SSRF protection missing for some FastImage requests
Discourse is an open-source discussion platform. Prior to version 3.1.0, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses. This...
CVE-2023-28112
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the...
Design/Logic Flaw
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the...
CVE-2023-28112
Discourse (open‑source discussion platform) has a CVE-2023-28112 issue affecting the beta and tests-passed branches prior to 3.1.0.beta3. The root cause is missing SSRF protection in how some user-provided URLs are passed to FastImage, enabling outbound connections from the Discourse server to pr...
CVE-2023-28112 Discourse's SSRF protection missing for some FastImage requests
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the...
CVE-2023-28112 Discourse's SSRF protection missing for some FastImage requests
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the...
CVE-2023-28112 Discourse's SSRF protection missing for some FastImage requests
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the...