CVE-2020-24327
N/A
N/A
Summary
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1
- https://github.com/discourse/discourse/pull/10509
References
- https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1
- https://github.com/discourse/discourse/pull/10509
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.