CVE-2020-24327

MEDIUM5.3EPSS 0.19%

發布日:2024/3/6修改日:2025/4/3

描述

Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.

受影響套件(1)

Bitnami/discourse>= 2.3.2, < 2.3.3, >= 2.6.0, < 2.6.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

參考連結(3)

WEBhttps://github.com/discourse/discourse/pull/10509
WEBhttps://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-24327