2 matches found
PT-2026-52079
Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description When using Ruby versions older than 3.4, the PrivateAddressCheck.private address? function incorrectly returns false for...
CVE-2023-28111
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, attackers are able to bypass Discourse's server-side request forgery SSRF protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the...