Vulnerabilities > CVE-2024-37157 - Server-Side Request Forgery (SSRF) vulnerability in Discourse

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
discourse
CWE-918
NVD
Published: 2024-07-03
Updated: 2024-09-18

Summary

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available.

Vulnerable Configurations

Part Description Count
Application
Discourse
463

Common Weakness Enumeration (CWE)

References