CVE-2021-41163
CRITICAL 9.8 · EPSS 3.7% · RCE via malicious SNS subscription payload
Published: 2024/3/6
Modified: 2026/3/13
Also known as: BIT-discourse-2021-41163
Description
Discourse is an open source platform for community discussion. In affected versions, maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To work around the issue without updating, requests with a path starting with /webhooks/aws could be blocked at an upstream proxy.
Affected packages (1)
- Bitnami/discourse: from 0, < 2.7.9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |