Unrated severityNVD Advisory· Published Aug 1, 2022· Updated Apr 23, 2025
Cache poisoning via maliciously-formed request in Discourse
CVE-2022-31182
Description
Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: < 2.8.7
Patches
Vulnerability mechanics
References
2- github.com/discourse/discourse/commit/7af25544c3940c4d046c51f4cfac9c72a06d4f50mitrex_refsource_MISC
- github.com/discourse/discourse/security/advisories/GHSA-4ff8-3j78-w6ppmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.