CVE-2021-41271

Summary

Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.

Affected Software

VendorProductVersion RangeStatus
discoursediscourse< 2.7.10affected
discoursediscourse>= 2.8.0, < 2.8.0.beta8affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

References