Unrated severityNVD Advisory· Published Nov 10, 2023· Updated Feb 27, 2025

Discourse SSRF vulnerability in Embedding

CVE-2023-47121

Description

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches. As a workaround, disable the Embedding feature.

Affected products

Discourse (software)/Discoursev5
Range: < 3.1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1mitrex_refsource_MISC
github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6mitrex_refsource_MISC
github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgcmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000