CVE-2023-47121 - Unspecified vulnerability in Discourse
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature.
References
- https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1
- https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6
- https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc