Critical Remote Code Execution Vulnerability in Discourse Platform

Published on 26 Oct 2021

Updated on 26 Oct 2021

The developers of Discourse, an open-source discussion platform, have released a security update to address a critical remote code execution vulnerability (CVE-2021-41163). This vulnerability may allow an unauthenticated attacker to exploit the platform via a maliciously crafted request.

The vulnerability affects Discourse versions 2.7.8 and earlier.

Users and administrators of the affected versions are advised to upgrade to the latest versions immediately.

More information is available here:
https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq

https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
https://www.bleepingcomputer.com/news/security/cisa-urges-admins-to-patch-critical-discourse-code-execution-bug/