SSRF vulnerability in Embedding

Low
jomaxro published GHSA-hp24-94qf-8cgc Nov 9, 2023

Package

No package listed

Affected versions

stable < 3.1.3; beta/tests-passed < 3.2.0.beta3

Patched versions

stable >= 3.1.3; beta/tests-passed >= 3.2.0.beta3

Description

Impact

The Embedding feature is susceptible to server-side request forgery (SSRF).

Patches

The issue is patched in the latest stable, beta and tests-passed versions of Discourse.

Workarounds

Disable the Embedding feature.

Severity

Low, 3.4 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: None
Availability: None
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVE ID

CVE-2023-47121

Weaknesses

No CWEs