CVE-2021-41163

Description from NVD

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To work around the issue without updating, requests with a path starting with /webhooks/aws could be blocked at an upstream proxy.

Information Acquisition Date: 2021-10-27T12:36Z
CVSS 2.0: 7.5 HIGH
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq
     source:CONFIRM
     tags:Third Party Advisory    
 https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9
     source:MISC
     tags:Patch    Third Party Advisory    

This vulnerability may involve a PoC.


Software Tag: Linux (1 tweet)



List of frequently cited URLs

URL | Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so... | 252
https://twitter.com/chybeta/status/1451950816399560708 | 7
https://www.bleepingcomputer.com/news/security/cisa-urges-a... | 5
https://github.com/discourse/discourse/security/advisories/... | 4
https://0day.click/recipe/discourse-sns-rce/ | 3
https://threatpost.com/cisa-critical-rce-discourse/175705/ | 3



List of frequently cited URLs

URL | Num of Times Referred to
alerts.vulmon.com | 252
twitter.com | 7
www.bleepingcomputer.com | 5
github.com | 4
0day.click | 3
threatpost.com | 3



GitHub Search Results: Up to 10
Name | URL
No Data


2021/11/22 Score : 1
Added Har-sia Database : 2021/10/21
Last Modified : 2021/11/22
Highest Scored Date : 2021/10/26
Highest Score : 24